From 95cd0ee07fc7f3844a91f6a2652f38afa44fc203 Mon Sep 17 00:00:00 2001 From: Jean-Louis Leysens Date: Wed, 30 Oct 2024 20:11:24 +0100 Subject: [PATCH 1/4] [OAS] Beautify generated operation ids (#198132) (cherry picked from commit e53d68c26d6c1f5330ee196938c650a786919a70) # Conflicts: # oas_docs/bundle.json # oas_docs/bundle.serverless.json # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml # packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap # packages/kbn-router-to-openapispec/src/process_versioned_router.test.ts --- oas_docs/bundle.json | 43691 +++++++++++-- oas_docs/bundle.serverless.json | 41826 +++++++++++++ oas_docs/output/kibana.serverless.yaml | 50973 ++++++++++++---- oas_docs/output/kibana.yaml | 50006 ++++++++++----- .../__snapshots__/generate_oas.test.ts.snap | 18 +- .../src/generate_oas.test.fixture.ts | 6 +- .../src/generate_oas.ts | 5 +- .../src/operation_id_counter.test.ts | 32 - .../src/operation_id_counter.ts | 24 - .../src/process_router.test.ts | 11 +- .../src/process_router.ts | 6 +- .../src/process_versioned_router.test.ts | 16 +- .../src/process_versioned_router.ts | 6 +- .../src/util.test.ts | 82 + .../kbn-router-to-openapispec/src/util.ts | 47 +- 15 files changed, 152036 insertions(+), 34713 deletions(-) create mode 100644 oas_docs/bundle.serverless.json delete mode 100644 packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts delete mode 100644 packages/kbn-router-to-openapispec/src/operation_id_counter.ts diff --git a/oas_docs/bundle.json b/oas_docs/bundle.json index 5215c3cf0a68f..1bf61ba293cb7 100644 --- a/oas_docs/bundle.json +++ b/oas_docs/bundle.json @@ -344,10 +344,10 @@ }, "openapi": "3.0.0", "paths": { - "/api/actions": { - "get": { - "deprecated": true, - "operationId": "%2Fapi%2Factions#0", + "/api/actions/connector/{id}": { + "delete": { + "description": "WARNING: When you delete a connector, it cannot be recovered.", + "operationId": "delete-actions-connector-id", "parameters": [ { "description": "The version of the API to use", @@ -360,19 +360,39 @@ ], "type": "string" } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } } ], - "responses": {}, - "summary": "Get all connectors", + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Delete a connector", "tags": [ "connectors" ] - } - }, - "/api/actions/action": { - "post": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction#0", + }, + "get": { + "operationId": "get-actions-connector-id", "parameters": [ { "description": "The version of the API to use", @@ -387,50 +407,15 @@ } }, { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", + "description": "An identifier for the connector.", + "in": "path", + "name": "id", "required": true, "schema": { - "example": "true", "type": "string" } } ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionTypeId": { - "description": "The connector type identifier.", - "type": "string" - }, - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name", - "actionTypeId" - ], - "type": "object" - } - } - } - }, "responses": { "200": { "content": { @@ -486,17 +471,13 @@ "description": "Indicates a successful call." } }, - "summary": "Create a connector", + "summary": "Get connector information", "tags": [ "connectors" ] - } - }, - "/api/actions/action/{id}": { - "delete": { - "deprecated": true, - "description": "WARNING: When you delete a connector, it cannot be recovered.", - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D#0", + }, + "post": { + "operationId": "post-actions-connector-id", "parameters": [ { "description": "The version of the API to use", @@ -524,48 +505,46 @@ "description": "An identifier for the connector.", "in": "path", "name": "id", - "required": true, + "required": false, "schema": { "type": "string" } } ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Delete a connector", - "tags": [ - "connectors" - ] - }, - "get": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D#1", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "default": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector.", + "type": "string" + }, + "name": { + "description": "The display name for the connector.", + "type": "string" + }, + "secrets": { + "additionalProperties": {}, + "default": {}, + "type": "object" + } + }, + "required": [ + "name", + "connector_type_id" + ], + "type": "object" + } } } - ], + }, "responses": { "200": { "content": { @@ -621,14 +600,13 @@ "description": "Indicates a successful call." } }, - "summary": "Get connector information", + "summary": "Create a connector", "tags": [ "connectors" ] }, "put": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D#2", + "operationId": "put-actions-connector-id", "parameters": [ { "description": "The version of the API to use", @@ -674,6 +652,7 @@ "type": "object" }, "name": { + "description": "The display name for the connector.", "type": "string" }, "secrets": { @@ -751,10 +730,10 @@ ] } }, - "/api/actions/action/{id}/_execute": { + "/api/actions/connector/{id}/_execute": { "post": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0", + "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", + "operationId": "post-actions-connector-id-execute", "parameters": [ { "description": "The version of the API to use", @@ -868,10 +847,67 @@ ] } }, - "/api/actions/connector/{id}": { + "/api/actions/connector_types": { + "get": { + "description": "You do not need any Kibana feature privileges to run this API.", + "operationId": "get-actions-connector-types", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", + "in": "query", + "name": "feature_id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get connector types", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/connectors": { + "get": { + "operationId": "get-actions-connectors", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get all connectors", + "tags": [ + "connectors" + ] + } + }, + "/api/alerting/rule/{id}": { "delete": { - "description": "WARNING: When you delete a connector, it cannot be recovered.", - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0", + "operationId": "delete-alerting-rule-id", "parameters": [ { "description": "The version of the API to use", @@ -896,7 +932,7 @@ } }, { - "description": "An identifier for the connector.", + "description": "The identifier for the rule.", "in": "path", "name": "id", "required": true, @@ -908,15 +944,24 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, - "summary": "Delete a connector", + "summary": "Delete a rule", "tags": [ - "connectors" + "alerting" ] }, "get": { - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1", + "operationId": "get-alerting-rule-id", "parameters": [ { "description": "The version of the API to use", @@ -931,7 +976,7 @@ } }, { - "description": "An identifier for the connector.", + "description": "The identifier for the rule.", "in": "path", "name": "id", "required": true, @@ -947,570 +992,32458 @@ "schema": { "additionalProperties": false, "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" }, - "name": { - "description": " The name of the rule.", + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Get connector information", - "tags": [ - "connectors" - ] - }, - "post": { - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector.", - "type": "string" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name", - "connector_type_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" }, - "connector_type_id": { - "description": "The connector type identifier.", + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", "type": "string" }, - "id": { - "description": "The identifier for the connector.", + "created_at": { + "description": "The date and time that the rule was created.", "type": "string" }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", "type": "boolean" }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" }, - "name": { - "description": " The name of the rule.", + "id": { + "description": "The identifier for the rule.", "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Create a connector", - "tags": [ - "connectors" - ] - }, - "put": { - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { "additionalProperties": {}, "type": "object" }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" }, - "id": { - "description": "The identifier for the connector.", + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", "type": "string" }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Get rule details", + "tags": [ + "alerting" + ] + }, + "post": { + "operationId": "post-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "enabled": { + "default": true, + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "schedule": { + "additionalProperties": false, + "description": "The check interval, which specifies how frequently the rule conditions are checked.", + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "description": "The tags for the rule.", + "items": { + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "rule_type_id", + "consumer", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "409": { + "description": "Indicates that the rule id is already in use." + } + }, + "summary": "Create a rule", + "tags": [ + "alerting" + ] + }, + "put": { + "operationId": "put-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." + } + }, + "summary": "Update a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_disable": { + "post": { + "operationId": "post-alerting-rule-id-disable", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "untrack": { + "description": "Defines whether this rule's alerts should be untracked.", + "type": "boolean" + } + }, + "type": "object", + "x-oas-optional": true + } + } + } + }, + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Disable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_enable": { + "post": { + "operationId": "post-alerting-rule-id-enable", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Enable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_mute_all": { + "post": { + "operationId": "post-alerting-rule-id-mute-all", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Mute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_unmute_all": { + "post": { + "operationId": "post-alerting-rule-id-unmute-all", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Unmute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_update_api_key": { + "post": { + "operationId": "post-alerting-rule-id-update-api-key", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." + } + }, + "summary": "Update the API key for a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { + "post": { + "operationId": "post-alerting-rule-rule-id-alert-alert-id-mute", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." + } + }, + "summary": "Mute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { + "post": { + "operationId": "post-alerting-rule-rule-id-alert-alert-id-unmute", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." + } + }, + "summary": "Unmute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rules/_find": { + "get": { + "operationId": "get-alerting-rules-find", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The number of rules to return per page.", + "in": "query", + "name": "per_page", + "required": false, + "schema": { + "default": 10, + "minimum": 0, + "type": "number" + } + }, + { + "description": "The page number to return.", + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "minimum": 1, + "type": "number" + } + }, + { + "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", + "in": "query", + "name": "search", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "The default operator to use for the simple_query_string.", + "in": "query", + "name": "default_search_operator", + "required": false, + "schema": { + "default": "OR", + "enum": [ + "OR", + "AND" + ], + "type": "string" + } + }, + { + "description": "The fields to perform the simple_query_string parsed query against.", + "in": "query", + "name": "search_fields", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", + "in": "query", + "name": "sort_field", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "Determines the sort order.", + "in": "query", + "name": "sort_order", + "required": false, + "schema": { + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + }, + { + "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", + "in": "query", + "name": "has_reference", + "required": false, + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "id" + ], + "type": "object" + } + }, + { + "in": "query", + "name": "fields", + "required": false, + "schema": { + "items": { + "description": "The fields to return in the `attributes` key of the response.", + "type": "string" + }, + "type": "array" + } + }, + { + "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", + "in": "query", + "name": "filter", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filter_consumers", + "required": false, + "schema": { + "items": { + "description": "List of consumers to filter.", + "type": "string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + } + }, + "summary": "Get information about rules", + "tags": [ + "alerting" + ] + } + }, + "/api/fleet/agent-status": { + "get": { + "operationId": "get-fleet-agent-status-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "policyId", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "policyIds", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "deprecated": true, + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/agent_download_sources": { + "get": { + "description": "List agent binary download sources", + "operationId": "get-fleet-agent-download-sources", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + }, + "post": { + "description": "Create agent binary download source", + "operationId": "post-fleet-agent-download-sources", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "host" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + } + }, + "/api/fleet/agent_download_sources/{sourceId}": { + "delete": { + "description": "Delete agent binary download source by ID", + "operationId": "delete-fleet-agent-download-sources-sourceid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + }, + "get": { + "description": "Get agent binary download source by ID", + "operationId": "get-fleet-agent-download-sources-sourceid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + }, + "put": { + "description": "Update agent binary download source by ID", + "operationId": "put-fleet-agent-download-sources-sourceid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "host" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + } + }, + "/api/fleet/agent_policies": { + "get": { + "description": "List agent policies", + "operationId": "get-fleet-agent-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "sortField", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "enum": [ + "desc", + "asc" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "showUpgradeable", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "use withAgentCount instead", + "in": "query", + "name": "noAgentCount", + "required": false, + "schema": { + "deprecated": true, + "type": "boolean" + } + }, + { + "description": "get policies with agent count", + "in": "query", + "name": "withAgentCount", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "description": "get full policies with package policies populated", + "in": "query", + "name": "full", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + }, + "post": { + "description": "Create an agent policy", + "operationId": "post-fleet-agent-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "sys_monitoring", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "force": { + "type": "boolean" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_protected": { + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/_bulk_get": { + "post": { + "description": "Bulk get agent policies", + "operationId": "post-fleet-agent-policies-bulk-get", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "full": { + "description": "get full policies with package policies populated", + "type": "boolean" + }, + "ids": { + "description": "list of package policy ids", + "items": { + "type": "string" + }, + "type": "array" + }, + "ignoreMissing": { + "type": "boolean" + } + }, + "required": [ + "ids" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/delete": { + "post": { + "description": "Delete agent policy by ID", + "operationId": "post-fleet-agent-policies-delete", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agentPolicyId": { + "type": "string" + }, + "force": { + "description": "bypass validation checks that can prevent agent policy deletion", + "type": "boolean" + } + }, + "required": [ + "agentPolicyId" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/outputs": { + "post": { + "description": "Get list of outputs associated with agent policies", + "operationId": "post-fleet-agent-policies-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "ids": { + "description": "list of package policy ids", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "ids" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "agentPolicyId": { + "type": "string" + }, + "data": { + "additionalProperties": false, + "properties": { + "integrations": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "integrationPolicyName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "pkgName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "properties": { + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + } + }, + "required": [ + "monitoring", + "data" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}": { + "get": { + "description": "Get an agent policy by ID", + "operationId": "get-fleet-agent-policies-agentpolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + }, + "put": { + "description": "Update an agent policy by ID", + "operationId": "put-fleet-agent-policies-agentpolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "force": { + "type": "boolean" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_protected": { + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/copy": { + "post": { + "description": "Copy an agent policy by ID", + "operationId": "post-fleet-agent-policies-agentpolicyid-copy", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "name": { + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/download": { + "get": { + "description": "Download an agent policy by ID", + "operationId": "get-fleet-agent-policies-agentpolicyid-download", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "standalone", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kubernetes", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/full": { + "get": { + "description": "Get a full agent policy by ID", + "operationId": "get-fleet-agent-policies-agentpolicyid-full", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "standalone", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kubernetes", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": false, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "download": { + "additionalProperties": false, + "properties": { + "sourceURI": { + "type": "string" + } + }, + "required": [ + "sourceURI" + ], + "type": "object" + }, + "features": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "logs": { + "type": "boolean" + }, + "metrics": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "traces": { + "type": "boolean" + }, + "use_output": { + "type": "string" + } + }, + "required": [ + "enabled", + "metrics", + "logs", + "traces" + ], + "type": "object" + }, + "protection": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "signing_key": { + "type": "string" + }, + "uninstall_token_hash": { + "type": "string" + } + }, + "required": [ + "enabled", + "uninstall_token_hash", + "signing_key" + ], + "type": "object" + } + }, + "required": [ + "monitoring", + "download", + "features" + ], + "type": "object" + }, + "fleet": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "proxy_headers": {}, + "proxy_url": { + "type": "string" + }, + "ssl": { + "additionalProperties": false, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "renegotiation": { + "type": "string" + }, + "verification_mode": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "hosts", + "proxy_headers" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "kibana": { + "additionalProperties": false, + "properties": { + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "required": [ + "hosts", + "protocol" + ], + "type": "object" + } + }, + "required": [ + "kibana" + ], + "type": "object" + } + ] + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "namespace": { + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "meta": { + "additionalProperties": true, + "properties": { + "package": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "package_policy_id": { + "type": "string" + }, + "processors": { + "items": { + "additionalProperties": true, + "properties": { + "add_fields": { + "additionalProperties": true, + "properties": { + "fields": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "type": "object" + }, + "target": { + "type": "string" + } + }, + "required": [ + "target", + "fields" + ], + "type": "object" + } + }, + "required": [ + "add_fields" + ], + "type": "object" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "streams": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "dataset": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset" + ], + "type": "object" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "data_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "use_output": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "revision", + "type", + "data_stream", + "use_output", + "package_policy_id" + ], + "type": "object" + }, + "type": "array" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "output_permissions": { + "additionalProperties": { + "additionalProperties": {}, + "type": "object" + }, + "type": "object" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": true, + "properties": { + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "proxy_headers": {}, + "proxy_url": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "proxy_headers" + ], + "type": "object" + }, + "type": "object" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "signed": { + "additionalProperties": false, + "properties": { + "data": { + "type": "string" + }, + "signature": { + "type": "string" + } + }, + "required": [ + "data", + "signature" + ], + "type": "object" + } + }, + "required": [ + "id", + "outputs", + "inputs" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/outputs": { + "get": { + "description": "Get list of outputs associated with agent policy by policy id", + "operationId": "get-fleet-agent-policies-agentpolicyid-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "agentPolicyId": { + "type": "string" + }, + "data": { + "additionalProperties": false, + "properties": { + "integrations": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "integrationPolicyName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "pkgName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "properties": { + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + } + }, + "required": [ + "monitoring", + "data" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_status": { + "get": { + "description": "Get agent status summary", + "operationId": "get-fleet-agent-status", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "policyId", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "policyIds", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "deprecated": true, + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "results": { + "additionalProperties": false, + "properties": { + "active": { + "type": "number" + }, + "all": { + "type": "number" + }, + "error": { + "type": "number" + }, + "events": { + "type": "number" + }, + "inactive": { + "type": "number" + }, + "offline": { + "type": "number" + }, + "online": { + "type": "number" + }, + "other": { + "type": "number" + }, + "total": { + "deprecated": true, + "type": "number" + }, + "unenrolled": { + "type": "number" + }, + "updating": { + "type": "number" + } + }, + "required": [ + "events", + "total", + "online", + "error", + "offline", + "other", + "updating", + "inactive", + "unenrolled", + "all", + "active" + ], + "type": "object" + } + }, + "required": [ + "results" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent status" + ] + } + }, + "/api/fleet/agent_status/data": { + "get": { + "description": "Get incoming agent data", + "operationId": "get-fleet-agent-status-data", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "agentsIds", + "required": true, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "in": "query", + "name": "previewData", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "dataPreview": { + "items": {}, + "type": "array" + }, + "items": { + "items": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "data": { + "type": "boolean" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items", + "dataPreview" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents": { + "get": { + "description": "List agents", + "operationId": "get-fleet-agents", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "showInactive", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "withMetrics", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "showUpgradeable", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "getStatusSummary", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "sortField", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + }, + "type": "array" + }, + "list": { + "deprecated": true, + "items": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "statusSummary": { + "additionalProperties": { + "type": "number" + }, + "type": "object" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "post": { + "description": "List agents by action ids", + "operationId": "post-fleet-agents", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "actionIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/action_status": { + "get": { + "description": "Get agent action status", + "operationId": "get-fleet-agents-action-status", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 0, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "date", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "latest", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "errorSize", + "required": false, + "schema": { + "default": 5, + "type": "number" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + }, + "cancellationTime": { + "type": "string" + }, + "completionTime": { + "type": "string" + }, + "creationTime": { + "description": "creation time of action", + "type": "string" + }, + "expiration": { + "type": "string" + }, + "hasRolloutPeriod": { + "type": "boolean" + }, + "latestErrors": { + "items": { + "additionalProperties": false, + "description": "latest errors that happened when the agents executed the action", + "properties": { + "agentId": { + "type": "string" + }, + "error": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "timestamp": { + "type": "string" + } + }, + "required": [ + "agentId", + "error", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "nbAgentsAck": { + "description": "number of agents that acknowledged the action", + "type": "number" + }, + "nbAgentsActionCreated": { + "description": "number of agents included in action from kibana", + "type": "number" + }, + "nbAgentsActioned": { + "description": "number of agents actioned", + "type": "number" + }, + "nbAgentsFailed": { + "description": "number of agents that failed to execute the action", + "type": "number" + }, + "newPolicyId": { + "description": "new policy id (POLICY_REASSIGN action)", + "type": "string" + }, + "policyId": { + "description": "policy id (POLICY_CHANGE action)", + "type": "string" + }, + "revision": { + "description": "new policy revision (POLICY_CHANGE action)", + "type": "number" + }, + "startTime": { + "description": "start time of action (scheduled actions)", + "type": "string" + }, + "status": { + "enum": [ + "COMPLETE", + "EXPIRED", + "CANCELLED", + "FAILED", + "IN_PROGRESS", + "ROLLOUT_PASSED" + ], + "type": "string" + }, + "type": { + "enum": [ + "UPGRADE", + "UNENROLL", + "SETTINGS", + "POLICY_REASSIGN", + "CANCEL", + "FORCE_UNENROLL", + "REQUEST_DIAGNOSTICS", + "UPDATE_TAGS", + "POLICY_CHANGE", + "INPUT_ACTION" + ], + "type": "string" + }, + "version": { + "description": "agent version number (UPGRADE action)", + "type": "string" + } + }, + "required": [ + "actionId", + "nbAgentsActionCreated", + "nbAgentsAck", + "nbAgentsFailed", + "type", + "nbAgentsActioned", + "status", + "creationTime" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/actions/{actionId}/cancel": { + "post": { + "description": "Cancel agent action", + "operationId": "post-fleet-agents-actions-actionid-cancel", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "actionId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "ack_data": {}, + "agents": { + "items": { + "type": "string" + }, + "type": "array" + }, + "created_at": { + "type": "string" + }, + "data": {}, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "minimum_execution_duration": { + "type": "number" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "rollout_duration_seconds": { + "type": "number" + }, + "sent_at": { + "type": "string" + }, + "source_uri": { + "type": "string" + }, + "start_time": { + "type": "string" + }, + "total": { + "type": "number" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "data", + "created_at", + "ack_data", + "agents" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/available_versions": { + "get": { + "description": "Get available agent versions", + "operationId": "get-fleet-agents-available-versions", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/bulk_reassign": { + "post": { + "description": "Bulk reassign agents", + "operationId": "post-fleet-agents-bulk-reassign", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "includeInactive": { + "default": false, + "type": "boolean" + }, + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id", + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_request_diagnostics": { + "post": { + "description": "Bulk request diagnostics from agents", + "operationId": "post-fleet-agents-bulk-request-diagnostics", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "additional_metrics": { + "items": { + "enum": [ + "CPU" + ], + "type": "string" + }, + "type": "array" + }, + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + } + }, + "required": [ + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_unenroll": { + "post": { + "description": "Bulk unenroll agents", + "operationId": "post-fleet-agents-bulk-unenroll", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "description": "KQL query string, leave empty to action all agents", + "type": "string" + }, + "type": "array" + }, + { + "description": "list of agent IDs", + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "force": { + "description": "Unenrolls hosted agents too", + "type": "boolean" + }, + "includeInactive": { + "description": "When passing agents by KQL query, unenrolls inactive agents too", + "type": "boolean" + }, + "revoke": { + "description": "Revokes API keys of agents", + "type": "boolean" + } + }, + "required": [ + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_update_agent_tags": { + "post": { + "description": "Bulk update agent tags", + "operationId": "post-fleet-agents-bulk-update-agent-tags", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "includeInactive": { + "default": false, + "type": "boolean" + }, + "tagsToAdd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tagsToRemove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_upgrade": { + "post": { + "description": "Bulk upgrade agents", + "operationId": "post-fleet-agents-bulk-upgrade", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "force": { + "type": "boolean" + }, + "includeInactive": { + "default": false, + "type": "boolean" + }, + "rollout_duration_seconds": { + "minimum": 600, + "type": "number" + }, + "skipRateLimitCheck": { + "type": "boolean" + }, + "source_uri": { + "type": "string" + }, + "start_time": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "agents", + "version" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/files/{fileId}": { + "delete": { + "description": "Delete file uploaded by agent", + "operationId": "delete-fleet-agents-files-fileid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "fileId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "deleted": { + "type": "boolean" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "deleted" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/files/{fileId}/{fileName}": { + "get": { + "description": "Get file uploaded by agent", + "operationId": "get-fleet-agents-files-fileid-filename", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "fileId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "fileName", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/setup": { + "get": { + "description": "Get agent setup info", + "operationId": "get-fleet-agents-setup", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.", + "properties": { + "isReady": { + "type": "boolean" + }, + "is_secrets_storage_enabled": { + "type": "boolean" + }, + "is_space_awareness_enabled": { + "type": "boolean" + }, + "missing_optional_features": { + "items": { + "enum": [ + "encrypted_saved_object_encryption_key_required" + ], + "type": "string" + }, + "type": "array" + }, + "missing_requirements": { + "items": { + "enum": [ + "security_required", + "tls_required", + "api_keys", + "fleet_admin_user", + "fleet_server" + ], + "type": "string" + }, + "type": "array" + }, + "package_verification_key_id": { + "type": "string" + } + }, + "required": [ + "isReady", + "missing_requirements", + "missing_optional_features" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "post": { + "description": "Initiate agent setup", + "operationId": "post-fleet-agents-setup", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", + "properties": { + "isInitialized": { + "type": "boolean" + }, + "nonFatalErrors": { + "items": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "isInitialized", + "nonFatalErrors" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/tags": { + "get": { + "description": "List agent tags", + "operationId": "get-fleet-agents-tags", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "showInactive", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/{agentId}": { + "delete": { + "description": "Delete agent by ID", + "operationId": "delete-fleet-agents-agentid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "enum": [ + "deleted" + ], + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "get": { + "description": "Get agent by ID", + "operationId": "get-fleet-agents-agentid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "withMetrics", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "put": { + "description": "Update agent by ID", + "operationId": "put-fleet-agents-agentid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/{agentId}/actions": { + "post": { + "description": "Create agent action", + "operationId": "post-fleet-agents-agentid-actions", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "ack_data": {}, + "data": {}, + "type": { + "enum": [ + "UNENROLL", + "UPGRADE", + "POLICY_REASSIGN" + ], + "type": "string" + } + }, + "required": [ + "type", + "data", + "ack_data" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "data": { + "additionalProperties": false, + "properties": { + "log_level": { + "enum": [ + "debug", + "info", + "warning", + "error" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "log_level" + ], + "type": "object" + }, + "type": { + "enum": [ + "SETTINGS" + ], + "type": "string" + } + }, + "required": [ + "type", + "data" + ], + "type": "object" + } + ] + } + }, + "required": [ + "action" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "ack_data": {}, + "agents": { + "items": { + "type": "string" + }, + "type": "array" + }, + "created_at": { + "type": "string" + }, + "data": {}, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "minimum_execution_duration": { + "type": "number" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "rollout_duration_seconds": { + "type": "number" + }, + "sent_at": { + "type": "string" + }, + "source_uri": { + "type": "string" + }, + "start_time": { + "type": "string" + }, + "total": { + "type": "number" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "data", + "created_at", + "ack_data", + "agents" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/reassign": { + "post": { + "description": "Reassign agent", + "operationId": "post-fleet-agents-agentid-reassign", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": {}, + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + }, + "put": { + "operationId": "put-fleet-agents-agentid-reassign", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/agents/{agentId}/request_diagnostics": { + "post": { + "description": "Request agent diagnostics", + "operationId": "post-fleet-agents-agentid-request-diagnostics", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "additional_metrics": { + "items": { + "enum": [ + "CPU" + ], + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/unenroll": { + "post": { + "description": "Unenroll agent", + "operationId": "post-fleet-agents-agentid-unenroll", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + }, + "revoke": { + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/upgrade": { + "post": { + "description": "Upgrade agent", + "operationId": "post-fleet-agents-agentid-upgrade", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "force": { + "type": "boolean" + }, + "skipRateLimitCheck": { + "type": "boolean" + }, + "source_uri": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "version" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": {}, + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/uploads": { + "get": { + "description": "List agent uploads", + "operationId": "get-fleet-agents-agentid-uploads", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + }, + "createTime": { + "type": "string" + }, + "error": { + "type": "string" + }, + "filePath": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "enum": [ + "READY", + "AWAITING_UPLOAD", + "DELETED", + "EXPIRED", + "IN_PROGRESS", + "FAILED" + ], + "type": "string" + } + }, + "required": [ + "id", + "name", + "filePath", + "createTime", + "status", + "actionId" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/check-permissions": { + "get": { + "description": "Check permissions", + "operationId": "get-fleet-check-permissions", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "fleetServerSetup", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "error": { + "enum": [ + "MISSING_SECURITY", + "MISSING_PRIVILEGES", + "MISSING_FLEET_SERVER_SETUP_PRIVILEGES" + ], + "type": "string" + }, + "success": { + "type": "boolean" + } + }, + "required": [ + "success" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/data_streams": { + "get": { + "description": "List data streams", + "operationId": "get-fleet-data-streams", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "data_streams": { + "items": { + "additionalProperties": false, + "properties": { + "dashboards": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "id", + "title" + ], + "type": "object" + }, + "type": "array" + }, + "dataset": { + "type": "string" + }, + "index": { + "type": "string" + }, + "last_activity_ms": { + "type": "number" + }, + "namespace": { + "type": "string" + }, + "package": { + "type": "string" + }, + "package_version": { + "type": "string" + }, + "serviceDetails": { + "additionalProperties": false, + "nullable": true, + "properties": { + "environment": { + "type": "string" + }, + "serviceName": { + "type": "string" + } + }, + "required": [ + "environment", + "serviceName" + ], + "type": "object" + }, + "size_in_bytes": { + "type": "number" + }, + "size_in_bytes_formatted": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + } + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "index", + "dataset", + "namespace", + "type", + "package", + "package_version", + "last_activity_ms", + "size_in_bytes", + "size_in_bytes_formatted", + "dashboards", + "serviceDetails" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "data_streams" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Data streams" + ] + } + }, + "/api/fleet/enrollment-api-keys": { + "get": { + "operationId": "get-fleet-enrollment-api-keys-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + }, + "post": { + "operationId": "post-fleet-enrollment-api-keys-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "expiration": { + "type": "string" + }, + "name": { + "type": "string" + }, + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/enrollment-api-keys/{keyId}": { + "delete": { + "operationId": "delete-fleet-enrollment-api-keys-keyid-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + }, + "get": { + "operationId": "get-fleet-enrollment-api-keys-keyid-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/enrollment_api_keys": { + "get": { + "description": "List enrollment API keys", + "operationId": "get-fleet-enrollment-api-keys", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + }, + "type": "array" + }, + "list": { + "deprecated": true, + "items": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage", + "list" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + }, + "post": { + "description": "Create enrollment API key", + "operationId": "post-fleet-enrollment-api-keys", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "expiration": { + "type": "string" + }, + "name": { + "type": "string" + }, + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "enum": [ + "created" + ], + "type": "string" + }, + "item": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + } + }, + "required": [ + "item", + "action" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + } + }, + "/api/fleet/enrollment_api_keys/{keyId}": { + "delete": { + "description": "Revoke enrollment API key by ID by marking it as inactive", + "operationId": "delete-fleet-enrollment-api-keys-keyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "enum": [ + "deleted" + ], + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + }, + "get": { + "description": "Get enrollment API key by ID", + "operationId": "get-fleet-enrollment-api-keys-keyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + } + }, + "/api/fleet/epm/bulk_assets": { + "post": { + "description": "Bulk get assets", + "operationId": "post-fleet-epm-bulk-assets", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "assetIds": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "assetIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "appLink": { + "type": "string" + }, + "attributes": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "service": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "type": "object" + }, + "id": { + "type": "string" + }, + "type": { + "type": "string" + }, + "updatedAt": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "attributes" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/categories": { + "get": { + "description": "List package categories", + "operationId": "get-fleet-epm-categories", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "experimental", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "include_policy_templates", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "count": { + "type": "number" + }, + "id": { + "type": "string" + }, + "parent_id": { + "type": "string" + }, + "parent_title": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "id", + "title", + "count" + ], + "type": "object" + }, + "type": "array" + }, + "response": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "count": { + "type": "number" + }, + "id": { + "type": "string" + }, + "parent_id": { + "type": "string" + }, + "parent_title": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "id", + "title", + "count" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/custom_integrations": { + "post": { + "description": "Create custom integration", + "operationId": "post-fleet-epm-custom-integrations", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "datasets": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "type": { + "enum": [ + "logs", + "metrics", + "traces", + "synthetics", + "profiling" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "force": { + "type": "boolean" + }, + "integrationName": { + "type": "string" + } + }, + "required": [ + "integrationName", + "datasets" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_meta": { + "additionalProperties": false, + "properties": { + "install_source": { + "type": "string" + } + }, + "required": [ + "install_source" + ], + "type": "object" + }, + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items", + "_meta" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/data_streams": { + "get": { + "description": "List data streams", + "operationId": "get-fleet-epm-data-streams", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "type", + "required": false, + "schema": { + "enum": [ + "logs", + "metrics", + "traces", + "synthetics", + "profiling" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "datasetQuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "default": "asc", + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "uncategorisedOnly", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Data streams" + ] + } + }, + "/api/fleet/epm/packages": { + "get": { + "description": "List packages", + "operationId": "get-fleet-epm-packages", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "category", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "experimental", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "excludeInstallStatus", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": true, + "properties": { + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "id": { + "type": "string" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "integration": { + "type": "string" + }, + "internal": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "name": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "id" + ], + "type": "object" + }, + "type": "array" + }, + "response": { + "items": { + "additionalProperties": true, + "deprecated": true, + "properties": { + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "id": { + "type": "string" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "integration": { + "type": "string" + }, + "internal": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "name": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "id" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "post": { + "description": "Install package by upload", + "operationId": "post-fleet-epm-packages", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "ignoreMappingUpdateErrors", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "skipDataStreamRollover", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { + "schema": { + "format": "binary", + "type": "string" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_meta": { + "additionalProperties": false, + "properties": { + "install_source": { + "type": "string" + } + }, + "required": [ + "install_source" + ], + "type": "object" + }, + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items", + "_meta" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/_bulk": { + "post": { + "description": "Bulk install packages", + "operationId": "post-fleet-epm-packages-bulk", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "force": { + "default": false, + "type": "boolean" + }, + "packages": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "prerelease": { + "type": "boolean" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + } + ] + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "packages" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "result": { + "additionalProperties": false, + "properties": { + "assets": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "error": {}, + "installSource": { + "type": "string" + }, + "installType": { + "type": "string" + }, + "status": { + "enum": [ + "installed", + "already_installed" + ], + "type": "string" + } + }, + "required": [ + "error", + "installType" + ], + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version", + "result" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "error": { + "anyOf": [ + { + "type": "string" + }, + {} + ] + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "name", + "statusCode", + "error" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "result": { + "additionalProperties": false, + "properties": { + "assets": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "error": {}, + "installSource": { + "type": "string" + }, + "installType": { + "type": "string" + }, + "status": { + "enum": [ + "installed", + "already_installed" + ], + "type": "string" + } + }, + "required": [ + "error", + "installType" + ], + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version", + "result" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "error": { + "anyOf": [ + { + "type": "string" + }, + {} + ] + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "name", + "statusCode", + "error" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/installed": { + "get": { + "description": "Get installed packages", + "operationId": "get-fleet-epm-packages-installed", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "dataStreamType", + "required": false, + "schema": { + "enum": [ + "logs", + "metrics", + "traces", + "synthetics", + "profiling" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "showOnlyActiveDataStreams", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "nameQuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "searchAfter", + "required": false, + "schema": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "type": "array" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 15, + "type": "number" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "default": "asc", + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "dataStreams": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "name", + "title" + ], + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version", + "status", + "dataStreams" + ], + "type": "object" + }, + "type": "array" + }, + "searchAfter": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "boolean" + }, + { + "enum": [], + "nullable": true + }, + {} + ] + }, + "type": "array" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/limited": { + "get": { + "description": "Get limited package list", + "operationId": "get-fleet-epm-packages-limited", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/stats": { + "get": { + "description": "Get package stats", + "operationId": "get-fleet-epm-packages-pkgname-stats", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "response": { + "additionalProperties": false, + "properties": { + "agent_policy_count": { + "type": "number" + } + }, + "required": [ + "agent_policy_count" + ], + "type": "object" + } + }, + "required": [ + "response" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}": { + "delete": { + "description": "Delete package", + "operationId": "delete-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "force", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + } + }, + "required": [ + "force" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "get": { + "description": "Get package", + "operationId": "get-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "ignoreUnverified", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "full", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "withMetadata", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "has_policies": { + "type": "boolean" + } + }, + "required": [ + "has_policies" + ], + "type": "object" + }, + "response": { + "additionalProperties": true, + "deprecated": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "post": { + "description": "Install package from registry", + "operationId": "post-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "ignoreMappingUpdateErrors", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "skipDataStreamRollover", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "default": false, + "type": "boolean" + }, + "ignore_constraints": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_meta": { + "additionalProperties": false, + "properties": { + "install_source": { + "type": "string" + } + }, + "required": [ + "install_source" + ], + "type": "object" + }, + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items", + "_meta" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "put": { + "description": "Update package settings", + "operationId": "put-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "keepPoliciesUpToDate": { + "type": "boolean" + } + }, + "required": [ + "keepPoliciesUpToDate" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + }, + "response": { + "additionalProperties": true, + "deprecated": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize": { + "post": { + "description": "Authorize transforms", + "operationId": "post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "transforms": { + "items": { + "additionalProperties": false, + "properties": { + "transformId": { + "type": "string" + } + }, + "required": [ + "transformId" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "transforms" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "error": { + "nullable": true + }, + "success": { + "type": "boolean" + }, + "transformId": { + "type": "string" + } + }, + "required": [ + "transformId", + "success", + "error" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}": { + "get": { + "description": "Get package file", + "operationId": "get-fleet-epm-packages-pkgname-pkgversion-filepath", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "filePath", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": {} + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgkey}": { + "delete": { + "operationId": "delete-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + } + }, + "required": [ + "force" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + }, + "get": { + "operationId": "get-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "ignoreUnverified", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "full", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "withMetadata", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + }, + "post": { + "operationId": "post-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "ignoreMappingUpdateErrors", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "skipDataStreamRollover", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + } + }, + "required": [ + "force" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + }, + "put": { + "operationId": "put-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "keepPoliciesUpToDate": { + "type": "boolean" + } + }, + "required": [ + "keepPoliciesUpToDate" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": { + "get": { + "description": "Get inputs template", + "operationId": "get-fleet-epm-templates-pkgname-pkgversion-inputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "default": "json", + "enum": [ + "json", + "yml", + "yaml" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "ignoreUnverified", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": false, + "properties": { + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "dataset": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset" + ], + "type": "object" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "data_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "inputs" + ], + "type": "object" + } + ] + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/verification_key_id": { + "get": { + "description": "Get a package signature verification key ID", + "operationId": "get-fleet-epm-verification-key-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/fleet_server_hosts": { + "get": { + "description": "List Fleet Server hosts", + "operationId": "get-fleet-fleet-server-hosts", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + }, + "post": { + "description": "Create Fleet Server host", + "operationId": "post-fleet-fleet-server-hosts", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "host_urls" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + } + }, + "/api/fleet/fleet_server_hosts/{itemId}": { + "delete": { + "description": "Delete Fleet Server host by ID", + "operationId": "delete-fleet-fleet-server-hosts-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + }, + "get": { + "description": "Get Fleet Server host by ID", + "operationId": "get-fleet-fleet-server-hosts-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + }, + "put": { + "description": "Update Fleet Server host by ID", + "operationId": "put-fleet-fleet-server-hosts-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "is_default": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "proxy_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + } + }, + "/api/fleet/health_check": { + "post": { + "description": "Check Fleet Server health", + "operationId": "post-fleet-health-check", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "deprecated": true, + "type": "string" + }, + "host_id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/kubernetes": { + "get": { + "description": "Get full K8s agent manifest", + "operationId": "get-fleet-kubernetes", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "fleetServer", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "enrolToken", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "type": "string" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/kubernetes/download": { + "get": { + "operationId": "get-fleet-kubernetes-download", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "fleetServer", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "enrolToken", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/logstash_api_keys": { + "post": { + "description": "Generate Logstash API key", + "operationId": "post-fleet-logstash-api-keys", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "api_key": { + "type": "string" + } + }, + "required": [ + "api_key" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/message_signing_service/rotate_key_pair": { + "post": { + "description": "Rotate fleet message signing key pair", + "operationId": "post-fleet-message-signing-service-rotate-key-pair", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "acknowledge", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "500": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Message Signing Service" + ] + } + }, + "/api/fleet/outputs": { + "get": { + "description": "List outputs", + "operationId": "get-fleet-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + }, + "post": { + "description": "Create output", + "operationId": "post-fleet-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": false, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": false, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": false, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/outputs/{outputId}": { + "delete": { + "description": "Delete output by ID", + "operationId": "delete-fleet-outputs-outputid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + }, + "get": { + "description": "Get output by ID", + "operationId": "get-fleet-outputs-outputid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + }, + "put": { + "description": "Update output by ID", + "operationId": "put-fleet-outputs-outputid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_default_monitoring": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_default_monitoring": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_default_monitoring": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": false, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": false, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": false, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "compression_level", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/outputs/{outputId}/health": { + "get": { + "description": "Get latest output health", + "operationId": "get-fleet-outputs-outputid-health", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "description": "long message if unhealthy", + "type": "string" + }, + "state": { + "description": "state of output, HEALTHY or DEGRADED", + "type": "string" + }, + "timestamp": { + "description": "timestamp of reported state", + "type": "string" + } + }, + "required": [ + "state", + "message", + "timestamp" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/package_policies": { + "get": { + "description": "List package policies", + "operationId": "get-fleet-package-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "sortField", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "enum": [ + "desc", + "asc" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "showUpgradeable", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "withAgentCount", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" + "page": { + "type": "number" }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" + "perPage": { + "type": "number" }, - "name": { - "description": " The name of the rule.", - "type": "string" + "total": { + "type": "number" } }, "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" + "items", + "total", + "page", + "perPage" ], "type": "object" } } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Update a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector/{id}/_execute": { - "post": { - "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", - "operationId": "%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" } }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "params": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "params" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { + "400": { "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { "additionalProperties": false, + "description": "Generic Error", "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", + "error": { "type": "string" }, - "id": { - "description": "The identifier for the connector.", + "message": { "type": "string" }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" + "statusCode": { + "type": "number" } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Run a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector_types": { - "get": { - "description": "You do not need any Kibana feature privileges to run this API.", - "operationId": "%2Fapi%2Factions%2Fconnector_types#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", - "in": "query", - "name": "feature_id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get connector types", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connectors": { - "get": { - "operationId": "%2Fapi%2Factions%2Fconnectors#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get all connectors", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/list_action_types": { - "get": { - "deprecated": true, - "operationId": "%2Fapi%2Factions%2Flist_action_types#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get connector types", - "tags": [ - "connectors" - ] - } - }, - "/api/alerting/rule/{id}": { - "delete": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" + }, + "required": [ + "message" + ], + "type": "object" + } + } } } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } }, - "summary": "Delete a rule", + "summary": "", "tags": [ - "alerting" + "Fleet package policies" ] }, - "get": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0", + "post": { + "description": "Create package policy", + "operationId": "post-fleet-package-policies", "parameters": [ { "description": "The version of the API to use", @@ -1525,928 +33458,1266 @@ } }, { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", "required": true, "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], "type": "string" } } ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "description": { + "description": "Package policy description", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "force": { + "description": "Force package policy creation even if package is not verified, or if the agent policy is managed.", + "type": "boolean" + }, + "id": { + "description": "Package policy unique identifier", + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "name", + "inputs" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { "additionalProperties": false, "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { "additionalProperties": false, "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], + "id": { "type": "string" + }, + "isSecretRef": { + "type": "boolean" } }, "required": [ - "store" + "id", + "isSecretRef" ], "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" } - }, - "required": [ - "meta" ], - "type": "object" + "nullable": true }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" } }, - "required": [ - "kql", - "filters" - ], "type": "object" }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" + "type": "string" }, "type": "array" }, - "hours": { + { + "items": { + "type": "number" + }, + "type": "array" + }, + { "additionalProperties": false, "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "id": { "type": "string" }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" + "isSecretRef": { + "type": "boolean" } }, "required": [ - "start", - "end" + "id", + "isSecretRef" ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" } }, - "required": [ - "reason", - "message" - ], "type": "object" }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" ], - "type": "string" - } + "type": "object" + }, + "type": "array" }, - "required": [ - "reason", - "message" - ], - "type": "object" - } + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" + "policy_id": { + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "type": "string" }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } + "type": "array" }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" + { + "type": "string" }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, + { "type": "number" }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "nullable": true }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } }, - "monitoring": { + "required": [ + "name", + "package" + ], + "type": "object" + } + ], + "description": "You should use inputs as an object and not use the deprecated inputs array." + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { "additionalProperties": false, - "description": "Monitoring details of the rule.", "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", + "privileges": { + "additionalProperties": true, "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" + "cluster": { + "items": { + "type": "string" + }, + "type": "array" } }, - "required": [ - "success_ratio" - ], "type": "object" - }, - "history": { - "description": "History of the rule run.", + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { "items": { "additionalProperties": false, "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } + "required": [ + "dataset", + "type" + ], + "type": "object" }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", + "enabled": { + "type": "boolean" + }, + "id": { "type": "string" }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" + "type": "array" }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" + "type": { + "type": "string" }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" } }, "required": [ - "success", - "timestamp" + "type", + "enabled", + "streams", + "compiled_input" ], "type": "object" }, "type": "array" }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" }, - "type": "object" + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } + "required": [ + "data_stream", + "features" + ], + "type": "object" }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" } }, "required": [ - "history", - "calculated_metrics", - "last_run" + "name", + "version" ], "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", "type": "string" }, - "rRule": { + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { "additionalProperties": false, "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} }, - "type": "array" + "required": [ + "value" + ], + "type": "object" }, - "byweekday": { - "items": { - "anyOf": [ - { + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { "type": "string" }, - { + "type": "array" + }, + { + "items": { "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" + "nullable": true }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" + "version": { + "type": "string" + } }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", + "message": { "type": "string" }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "409": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, + "message": { "type": "string" + }, + "statusCode": { + "type": "number" } }, "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" + "message" ], "type": "object" } } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." + } } }, - "summary": "Get rule details", + "summary": "", "tags": [ - "alerting" + "Fleet package policies" ] - }, + } + }, + "/api/fleet/package_policies/_bulk_get": { "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0", + "description": "Bulk get package policies", + "operationId": "post-fleet-package-policies-bulk-get", "parameters": [ { "description": "The version of the API to use", @@ -2471,11 +34742,14 @@ } }, { - "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", - "in": "path", - "name": "id", + "in": "query", + "name": "format", "required": false, "schema": { + "enum": [ + "simplified", + "legacy" + ], "type": "string" } } @@ -2486,286 +34760,704 @@ "schema": { "additionalProperties": false, "properties": { - "actions": { - "default": [], + "ids": { + "description": "list of package policy ids", "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" + "type": "string" + }, + "type": "array" + }, + "ignoreMissing": { + "type": "boolean" + } + }, + "required": [ + "ids" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { "additionalProperties": false, "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { "enum": [ - "appState", - "globalState" + "ga", + "beta", + "experimental" ], "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" } }, "required": [ - "store" + "enabled", + "data_stream", + "compiled_stream" ], "type": "object" }, - "meta": { - "additionalProperties": {}, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], "type": "object" }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } }, - "type": "array" + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } + "type": "array" }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } }, - "type": "array" + "type": "object" }, - "hours": { + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "data_stream": { "type": "string" }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" } }, "required": [ - "start", - "end" + "data_stream", + "features" ], "type": "object" }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { "type": "string" } }, "required": [ - "days", - "hours", - "timezone" + "id" ], "type": "object" - } + }, + "type": "array" }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], + "spaceIds": { + "items": { "type": "string" }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } + "type": "array" }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" + "type": "array" + } }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" }, - "required": [ - "active" - ], - "type": "object" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "enabled": { - "default": true, - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } + "message": { + "type": "string" }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" + "statusCode": { + "type": "number" + } }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } }, - "schedule": { - "additionalProperties": false, - "description": "The check interval, which specifies how frequently the rule conditions are checked.", - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/delete": { + "post": { + "description": "Bulk delete package policies", + "operationId": "post-fleet-package-policies-delete", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "force": { + "type": "boolean" }, - "tags": { - "default": [], - "description": "The tags for the rule.", + "packagePolicyIds": { "items": { "type": "string" }, "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" } }, "required": [ - "name", - "rule_type_id", - "consumer", - "schedule" + "packagePolicyIds" ], "type": "object" } @@ -2777,914 +35469,1468 @@ "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { + "items": { + "additionalProperties": false, + "properties": { + "body": { "additionalProperties": false, "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } + "doc_value_only_other": { + "type": "boolean" }, - "required": [ - "start", - "end" - ], - "type": "object" + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" + "type": "object" + } }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } + "required": [ + "data_stream", + "features" + ], + "type": "object" }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" + "type": "array" }, - "id": { - "description": "The identifier for the connector saved object.", + "name": { + "description": "Package name", "type": "string" }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", + "requires_root": { "type": "boolean" }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", + "title": { + "type": "string" + }, + "version": { + "description": "Package version", "type": "string" } }, "required": [ - "id", - "connector_type_id", - "params" + "name", + "version" ], "type": "object" }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } + "policy_id": { + "deprecated": true, + "description": "Use `policy_ids` instead", + "nullable": true, + "type": "string" }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" + "policy_ids": { + "items": { + "type": "string" }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } + "type": "array" }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" + "statusCode": { + "type": "number" + }, + "success": { + "type": "boolean" + } }, - "id": { - "description": "The identifier for the rule.", + "required": [ + "id", + "success", + "policy_ids", + "package" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, + "message": { "type": "string" }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/upgrade": { + "post": { + "description": "Upgrade package policy to a newer package version", + "operationId": "post-fleet-package-policies-upgrade", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "packagePolicyIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "packagePolicyIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "body": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } }, - "outcome_msg": { + "required": [ + "message" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + }, + "success": { + "type": "boolean" + } + }, + "required": [ + "id", + "success" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/upgrade/dryrun": { + "post": { + "description": "Dry run package policy upgrade", + "operationId": "post-fleet-package-policies-upgrade-dryrun", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "packagePolicyIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "packageVersion": { + "type": "string" + } + }, + "required": [ + "packagePolicyIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "agent_diff": { + "items": { "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "namespace": { + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "meta": { + "additionalProperties": true, + "properties": { + "package": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + } + }, + "required": [ + "package" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "package_policy_id": { + "type": "string" + }, + "processors": { + "items": { + "additionalProperties": true, + "properties": { + "add_fields": { + "additionalProperties": true, + "properties": { + "fields": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "type": "object" + }, + "target": { + "type": "string" + } + }, + "required": [ + "target", + "fields" + ], + "type": "object" + } + }, + "required": [ + "add_fields" + ], + "type": "object" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "streams": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "dataset": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset" + ], + "type": "object" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "data_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "use_output": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "revision", + "type", + "data_stream", + "use_output", + "package_policy_id" + ], + "type": "object" }, - "nullable": true, "type": "array" }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "type": "array" + }, + "body": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } + "required": [ + "message" + ], + "type": "object" }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { + "diff": { + "items": { + "anyOf": [ + { "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", "properties": { - "p50": { + "agents": { "type": "number" }, - "p95": { - "type": "number" + "created_at": { + "type": "string" }, - "p99": { - "type": "number" + "created_by": { + "type": "string" }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } }, - "outcome": { + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { "additionalProperties": false, "properties": { - "alerts_count": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { "additionalProperties": false, "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" + "frozen": { + "type": "boolean" }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" + "type": { + "type": "string" }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } + "value": {} }, + "required": [ + "value" + ], "type": "object" }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" + "nullable": true }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "description": { + "description": "Package policy description", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "errors": { + "items": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, + "message": { "type": "string" } }, "required": [ - "outcome", - "alerts_count" + "message" ], "type": "object" }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } + "type": "array" }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" + "force": { + "type": "boolean" }, - "timestamp": { - "description": "Time of the most recent rule run.", + "id": { "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" + "missingVars": { + "items": { + "type": "string" + }, + "type": "array" }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" + "name": { + "description": "Package policy name (should be unique)", + "type": "string" }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" + "output_id": { + "nullable": true, + "type": "string" }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", "type": "string" }, - { - "type": "number" + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" } + }, + "required": [ + "name", + "version" ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + "type": "object" }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } + "required": [ + "name", + "enabled", + "inputs" + ], + "type": "object" + } + ] }, - "required": [ - "duration", - "rRule" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", + "hasErrors": { + "type": "boolean" + }, + "name": { "type": "string" }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" + "statusCode": { + "type": "number" + } }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", + "required": [ + "hasErrors" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, + "message": { "type": "string" }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" + "statusCode": { + "type": "number" } }, "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" + "message" ], "type": "object" } } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "409": { - "description": "Indicates that the rule id is already in use." + } } }, - "summary": "Create a rule", + "summary": "", "tags": [ - "alerting" + "Fleet package policies" ] - }, - "put": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1", + } + }, + "/api/fleet/package_policies/{packagePolicyId}": { + "delete": { + "description": "Delete package policy by ID", + "operationId": "delete-fleet-package-policies-packagepolicyid", "parameters": [ { "description": "The version of the API to use", @@ -3709,1450 +36955,2015 @@ } }, { - "description": "The identifier for the rule.", "in": "path", - "name": "id", + "name": "packagePolicyId", "required": true, "schema": { "type": "string" } + }, + { + "in": "query", + "name": "force", + "required": false, + "schema": { + "type": "boolean" + } } ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + }, + "get": { + "description": "Get package policy by ID", + "operationId": "get-fleet-package-policies-packagepolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "packagePolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { "additionalProperties": false, - "description": "An action that runs under defined conditions.", "properties": { - "alerts_filter": { - "additionalProperties": false, + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, "properties": { - "query": { - "additionalProperties": false, + "privileges": { + "additionalProperties": true, "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "cluster": { "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" ], - "type": "string" - } + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" + "type": { + "type": "string" + }, + "value": {} }, - "query": { - "additionalProperties": {}, - "type": "object" - } + "required": [ + "value" + ], + "type": "object" }, - "required": [ - "meta" - ], + "description": "Package variable (see integration documentation for more information)", "type": "object" - }, - "type": "array" + } }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" }, - "required": [ - "kql", - "filters" - ], - "type": "object" + "type": "array" }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" }, - "required": [ - "start", - "end" - ], - "type": "object" + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } + "type": "object" }, - "required": [ - "days", - "hours", - "timezone" - ], + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, "type": "object" } }, "type": "object" }, - "frequency": { + "package": { "additionalProperties": false, "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", "type": "string" }, - "summary": { - "description": "Indicates whether the action is a summary.", + "requires_root": { "type": "boolean" }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, + "title": { "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" + ] }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", + "version": { "type": "string" } }, "required": [ - "id" + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" ], "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" + } }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "items": { - "description": "The tags for the rule.", + "message": { "type": "string" }, - "type": "array" + "statusCode": { + "type": "number" + } }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "schedule" - ], - "type": "object" + "required": [ + "message" + ], + "type": "object" + } } } - } - }, - "responses": { - "200": { + }, + "404": { "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { "additionalProperties": false, "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + }, + "put": { + "description": "Update package policy by ID", + "operationId": "put-fleet-package-policies-packagepolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "packagePolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "description": { + "description": "Package policy description", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "force": { + "type": "boolean" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", + "type": { "type": "string" - } + }, + "value": {} }, "required": [ - "kql", - "filters" + "value" ], "type": "object" }, - "timeframe": { + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { "additionalProperties": false, "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" ], - "type": "integer" + "type": "object" }, - "type": "array" + "description": "Package variable (see integration documentation for more information)", + "type": "object" }, - "hours": { + "data_stream": { "additionalProperties": false, "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "dataset": { "type": "string" }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { "type": "string" } }, "required": [ - "start", - "end" + "dataset", + "type" ], "type": "object" }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" } }, "required": [ - "days", - "hours", - "timezone" + "enabled", + "data_stream", + "compiled_stream" ], "type": "object" - } + }, + "type": "array" }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" + "type": "object" }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } + "required": [ + "type", + "enabled" + ], + "type": "object" }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", + "is_managed": { + "type": "boolean" + }, + "name": { "type": "string" }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" ], - "type": "string" - } + "type": "object" + }, + "type": "array" }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", "type": "string" }, - "warning": { + "type": "array" + }, + "vars": { + "additionalProperties": { "additionalProperties": false, "properties": { - "message": { - "description": "Warning message.", - "type": "string" + "frozen": { + "type": "boolean" }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], + "type": { "type": "string" - } + }, + "value": {} }, "required": [ - "reason", - "message" + "value" ], "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } + "description": "Package variable (see integration documentation for more information)", + "type": "object" }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" + "version": { + "type": "string" + } }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "additionalProperties": { "additionalProperties": false, "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" + { + "type": "string" }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, + { "type": "number" }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "nullable": true }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } }, - "monitoring": { + "required": [ + "name", + "package" + ], + "type": "object" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { "additionalProperties": false, - "description": "Monitoring details of the rule.", "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", + "privileges": { + "additionalProperties": true, "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" + "cluster": { + "items": { + "type": "string" + }, + "type": "array" } }, - "required": [ - "success_ratio" - ], "type": "object" - }, - "history": { - "description": "History of the rule run.", + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { "items": { "additionalProperties": false, "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } + "required": [ + "dataset", + "type" + ], + "type": "object" }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", + "enabled": { + "type": "boolean" + }, + "id": { "type": "string" }, - "nullable": true, - "type": "array" + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } + "required": [ + "value" + ], + "type": "object" }, - "required": [ - "outcome", - "alerts_count" - ], + "description": "Package variable (see integration documentation for more information)", "type": "object" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" } }, "required": [ - "success", - "timestamp" + "type", + "enabled", + "streams", + "compiled_input" ], "type": "object" }, "type": "array" }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" }, - "type": "object" + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } + "type": "object" }, - "required": [ - "timestamp", - "metrics" - ], + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, "type": "object" } }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" + "type": "object" + } }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 + "required": [ + "data_stream", + "features" ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" + "type": "object" }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { "type": "string" } }, "required": [ - "dtstart", - "tzid" + "id" ], "type": "object" }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } + "type": "array" }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_disable": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "untrack": { - "description": "Defines whether this rule's alerts should be untracked.", - "type": "boolean" - } - }, - "type": "object", - "x-oas-optional": true + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } } } - } - }, - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Disable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_enable": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." }, "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Enable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_mute_all": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." }, "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Mute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_unmute_all": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } } } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } }, - "summary": "Unmute all alerts", + "summary": "", "tags": [ - "alerting" + "Fleet package policies" ] } }, - "/api/alerting/rule/{id}/_update_api_key": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0", + "/api/fleet/proxies": { + "get": { + "description": "List proxies", + "operationId": "get-fleet-proxies", "parameters": [ { "description": "The version of the API to use", @@ -5165,53 +38976,126 @@ ], "type": "string" } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } } ], "responses": { - "204": { - "description": "Indicates a successful call." + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } }, "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } } }, - "summary": "Update the API key for a rule", + "summary": "", "tags": [ - "alerting" + "Fleet proxies" ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { + }, "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0", + "description": "Create proxy", + "operationId": "post-fleet-proxies", "parameters": [ { "description": "The version of the API to use", @@ -5234,49 +39118,171 @@ "example": "true", "type": "string" } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url", + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } } }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } } } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } }, - "summary": "Mute an alert", + "summary": "", "tags": [ - "alerting" + "Fleet proxies" ] } }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { - "post": { - "operationId": "%2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0", + "/api/fleet/proxies/{itemId}": { + "delete": { + "description": "Delete proxy by ID", + "operationId": "delete-fleet-proxies-itemid", "parameters": [ { "description": "The version of the API to use", @@ -5301,18 +39307,8 @@ } }, { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", "in": "path", - "name": "alert_id", + "name": "itemId", "required": true, "schema": { "type": "string" @@ -5320,28 +39316,58 @@ } ], "responses": { - "204": { - "description": "Indicates a successful call." + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } }, "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } } }, - "summary": "Unmute an alert", + "summary": "", "tags": [ - "alerting" + "Fleet proxies" ] - } - }, - "/api/alerting/rules/_find": { + }, "get": { - "operationId": "%2Fapi%2Falerting%2Frules%2F_find#0", + "description": "Get proxy by ID", + "operationId": "get-fleet-proxies-itemid", "parameters": [ { "description": "The version of the API to use", @@ -5356,1060 +39382,1183 @@ } }, { - "description": "The number of rules to return per page.", - "in": "query", - "name": "per_page", - "required": false, - "schema": { - "default": 10, - "minimum": 0, - "type": "number" - } - }, - { - "description": "The page number to return.", - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "minimum": 1, - "type": "number" - } - }, - { - "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", - "in": "query", - "name": "search", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "The default operator to use for the simple_query_string.", - "in": "query", - "name": "default_search_operator", - "required": false, + "in": "path", + "name": "itemId", + "required": true, "schema": { - "default": "OR", - "enum": [ - "OR", - "AND" - ], "type": "string" } - }, - { - "description": "The fields to perform the simple_query_string parsed query against.", - "in": "query", - "name": "search_fields", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + } }, - "type": "array" - }, - { - "type": "string" + "required": [ + "item" + ], + "type": "object" } - ] - } - }, - { - "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", - "in": "query", - "name": "sort_field", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "Determines the sort order.", - "in": "query", - "name": "sort_order", - "required": false, - "schema": { - "enum": [ - "asc", - "desc" - ], - "type": "string" + } } }, - { - "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", - "in": "query", - "name": "has_reference", - "required": false, - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "id": { - "type": "string" - }, - "type": { - "type": "string" + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" } - }, - "required": [ - "type", - "id" - ], - "type": "object" + } } - }, + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + }, + "put": { + "description": "Update proxy by ID", + "operationId": "put-fleet-proxies-itemid", + "parameters": [ { - "in": "query", - "name": "fields", - "required": false, + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", "schema": { - "items": { - "description": "The fields to return in the `attributes` key of the response.", - "type": "string" - }, - "type": "array" + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" } }, { - "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", - "in": "query", - "name": "filter", - "required": false, + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, "schema": { + "example": "true", "type": "string" } }, { - "in": "query", - "name": "filter_consumers", - "required": false, + "in": "path", + "name": "itemId", + "required": true, "schema": { - "items": { - "description": "List of consumers to filter.", - "type": "string" - }, - "type": "array" + "type": "string" } } ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { "type": "number" } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" + ] }, - "execution_status": { + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "proxy_headers", + "certificate_authorities", + "certificate", + "certificate_key" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { "additionalProperties": false, "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" + "certificate": { + "nullable": true, + "type": "string" }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" + "certificate_authorities": { + "nullable": true, + "type": "string" }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", + "certificate_key": { + "nullable": true, "type": "string" }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], + "id": { "type": "string" }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] }, - "required": [ - "reason", - "message" - ], + "nullable": true, "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" + "url": { + "type": "string" } }, "required": [ - "look_back_window", - "status_change_threshold" + "id", + "url", + "name" ], "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + } + }, + "/api/fleet/service-tokens": { + "post": { + "description": "Create a service token", + "operationId": "post-fleet-service-tokens-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/service_tokens": { + "post": { + "description": "Create a service token", + "operationId": "post-fleet-service-tokens", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "remote": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" }, - "id": { - "description": "The identifier for the rule.", + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, + "message": { "type": "string" }, - "last_run": { + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet service tokens" + ] + } + }, + "/api/fleet/settings": { + "get": { + "description": "Get settings", + "operationId": "get-fleet-settings", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { "additionalProperties": false, - "nullable": true, "properties": { - "alerts_count": { + "delete_unenrolled_agents": { "additionalProperties": false, "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" + "enabled": { + "type": "boolean" }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" + "is_preconfigured": { + "type": "boolean" } }, + "required": [ + "enabled", + "is_preconfigured" + ], "type": "object" }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], + "fleet_server_hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "has_seen_add_data_notice": { + "type": "boolean" + }, + "id": { "type": "string" }, - "outcome_msg": { + "output_secret_storage_requirements_met": { + "type": "boolean" + }, + "preconfigured_fields": { "items": { - "description": "Outcome message generated during last rule run.", + "enum": [ + "fleet_server_hosts" + ], "type": "string" }, - "nullable": true, "type": "array" }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" + "prerelease_integrations_enabled": { + "type": "boolean" }, - "warning": { - "description": "Warning of last rule execution.", + "secret_storage_requirements_met": { + "type": "boolean" + }, + "use_space_awareness_migration_started_at": { + "type": "string" + }, + "use_space_awareness_migration_status": { "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" + "pending", + "success", + "error" ], - "nullable": true, + "type": "string" + }, + "version": { "type": "string" } }, "required": [ - "outcome", - "alerts_count" + "id" ], "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + }, + "put": { + "description": "Update settings", + "operationId": "put-fleet-settings", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "additional_yaml_config": { + "type": "string" + }, + "delete_unenrolled_agents": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "is_preconfigured" + ], + "type": "object" + }, + "fleet_server_hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "type": "array" + }, + "has_seen_add_data_notice": { + "type": "boolean" + }, + "kibana_ca_sha256": { + "type": "string" + }, + "kibana_urls": { + "items": { + "format": "uri", + "type": "string" }, - "monitoring": { + "type": "array" + }, + "prerelease_integrations_enabled": { + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { "additionalProperties": false, - "description": "Monitoring details of the rule.", "properties": { - "run": { + "delete_unenrolled_agents": { "additionalProperties": false, - "description": "Rule run details.", "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "additionalProperties": false, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" + "enabled": { + "type": "boolean" }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" + "is_preconfigured": { + "type": "boolean" } }, "required": [ - "history", - "calculated_metrics", - "last_run" + "enabled", + "is_preconfigured" ], "type": "object" + }, + "fleet_server_hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "has_seen_add_data_notice": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "output_secret_storage_requirements_met": { + "type": "boolean" + }, + "preconfigured_fields": { + "items": { + "enum": [ + "fleet_server_hosts" + ], + "type": "string" + }, + "type": "array" + }, + "prerelease_integrations_enabled": { + "type": "boolean" + }, + "secret_storage_requirements_met": { + "type": "boolean" + }, + "use_space_awareness_migration_started_at": { + "type": "string" + }, + "use_space_awareness_migration_status": { + "enum": [ + "pending", + "success", + "error" + ], + "type": "string" + }, + "version": { + "type": "string" } }, "required": [ - "run" + "id" ], "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/setup": { + "post": { + "description": "Initiate Fleet setup", + "operationId": "post-fleet-setup", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", + "properties": { + "isInitialized": { "type": "boolean" }, - "muted_alert_ids": { + "nonFatalErrors": { "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" }, "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, + } + }, + "required": [ + "isInitialized", + "nonFatalErrors" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, + "message": { "type": "string" }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", + "statusCode": { "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "500": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Internal Server Error", + "properties": { + "message": { "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/uninstall_tokens": { + "get": { + "description": "List metadata for latest uninstall tokens per agent policy", + "operationId": "get-fleet-uninstall-tokens", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "Partial match filtering for policy IDs", + "in": "query", + "name": "policyId", + "required": false, + "schema": { + "maxLength": 50, + "type": "string" + } + }, + { + "in": "query", + "name": "search", + "required": false, + "schema": { + "maxLength": 50, + "type": "string" + } + }, + { + "description": "The number of items to return", + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "minimum": 5, + "type": "number" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "minimum": 1, + "type": "number" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" }, - "skipRecurrences": { + "id": { + "type": "string" + }, + "namespaces": { "items": { - "description": "Skips recurrence of rule on this date.", "type": "string" }, "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_name": { + "nullable": true, + "type": "string" } }, "required": [ - "duration", - "rRule" + "id", + "policy_id", + "created_at" ], "type": "object" }, "type": "array" }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" + "page": { + "type": "number" }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" + "perPage": { + "type": "number" }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { "type": "string" }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, + "message": { "type": "string" }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" + "statusCode": { + "type": "number" } }, "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" + "message" ], "type": "object" } } - }, - "description": "Indicates a successful call." + } + } + }, + "summary": "", + "tags": [ + "Fleet uninstall tokens" + ] + } + }, + "/api/fleet/uninstall_tokens/{uninstallTokenId}": { + "get": { + "description": "Get one decrypted uninstall token by its ID", + "operationId": "get-fleet-uninstall-tokens-uninstalltokenid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } }, - "400": { - "description": "Indicates an invalid schema or parameters." + { + "in": "path", + "name": "uninstallTokenId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_name": { + "nullable": true, + "type": "string" + }, + "token": { + "type": "string" + } + }, + "required": [ + "id", + "policy_id", + "created_at", + "token" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } }, - "403": { - "description": "Indicates that this call is forbidden." + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } } }, - "summary": "Get information about rules", + "summary": "", "tags": [ - "alerting" + "Fleet uninstall tokens" ] } }, "/api/security/role": { "get": { - "operationId": "%2Fapi%2Fsecurity%2Frole#0", + "operationId": "get-security-role", "parameters": [ { "description": "The version of the API to use", @@ -6446,7 +40595,7 @@ }, "/api/security/role/{name}": { "delete": { - "operationId": "%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1", + "operationId": "delete-security-role-name", "parameters": [ { "description": "The version of the API to use", @@ -6491,7 +40640,7 @@ ] }, "get": { - "operationId": "%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0", + "operationId": "get-security-role-name", "parameters": [ { "description": "The version of the API to use", @@ -6537,7 +40686,7 @@ }, "put": { "description": "Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.", - "operationId": "%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2", + "operationId": "put-security-role-name", "parameters": [ { "description": "The version of the API to use", @@ -6856,7 +41005,7 @@ }, "/api/security/roles": { "post": { - "operationId": "%2Fapi%2Fsecurity%2Froles#0", + "operationId": "post-security-roles", "parameters": [ { "description": "The version of the API to use", @@ -7167,7 +41316,7 @@ "/api/spaces/_copy_saved_objects": { "post": { "description": "It also allows you to automatically copy related objects, so when you copy a dashboard, this can automatically copy over the associated visualizations, data views, and saved searches, as required. You can request to overwrite any objects that already exist in the target space if they share an identifier or you can use the resolve copy saved objects conflicts API to do this on a per-object basis.", - "operationId": "%2Fapi%2Fspaces%2F_copy_saved_objects#0", + "operationId": "post-spaces-copy-saved-objects", "parameters": [ { "description": "The version of the API to use", @@ -7265,7 +41414,7 @@ }, "/api/spaces/_disable_legacy_url_aliases": { "post": { - "operationId": "%2Fapi%2Fspaces%2F_disable_legacy_url_aliases#0", + "operationId": "post-spaces-disable-legacy-url-aliases", "parameters": [ { "description": "The version of the API to use", @@ -7341,7 +41490,7 @@ "/api/spaces/_get_shareable_references": { "post": { "description": "Collect references and space contexts for saved objects.", - "operationId": "%2Fapi%2Fspaces%2F_get_shareable_references#0", + "operationId": "post-spaces-get-shareable-references", "parameters": [ { "description": "The version of the API to use", @@ -7410,7 +41559,7 @@ "/api/spaces/_resolve_copy_saved_objects_errors": { "post": { "description": "Overwrite saved objects that are returned as errors from the copy saved objects to space API.", - "operationId": "%2Fapi%2Fspaces%2F_resolve_copy_saved_objects_errors#0", + "operationId": "post-spaces-resolve-copy-saved-objects-errors", "parameters": [ { "description": "The version of the API to use", @@ -7531,7 +41680,7 @@ "/api/spaces/_update_objects_spaces": { "post": { "description": "Update one or more saved objects to add or remove them from some spaces.", - "operationId": "%2Fapi%2Fspaces%2F_update_objects_spaces#0", + "operationId": "post-spaces-update-objects-spaces", "parameters": [ { "description": "The version of the API to use", @@ -7617,7 +41766,7 @@ }, "/api/spaces/space": { "get": { - "operationId": "%2Fapi%2Fspaces%2Fspace#0", + "operationId": "get-spaces-space", "parameters": [ { "description": "The version of the API to use", @@ -7697,7 +41846,7 @@ ] }, "post": { - "operationId": "%2Fapi%2Fspaces%2Fspace#1", + "operationId": "post-spaces-space", "parameters": [ { "description": "The version of the API to use", @@ -7798,7 +41947,7 @@ "/api/spaces/space/{id}": { "delete": { "description": "When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.", - "operationId": "%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2", + "operationId": "delete-spaces-space-id", "parameters": [ { "description": "The version of the API to use", @@ -7846,7 +41995,7 @@ ] }, "get": { - "operationId": "%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0", + "operationId": "get-spaces-space-id", "parameters": [ { "description": "The version of the API to use", @@ -7881,7 +42030,7 @@ ] }, "put": { - "operationId": "%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1", + "operationId": "put-spaces-space-id", "parameters": [ { "description": "The version of the API to use", @@ -7990,7 +42139,7 @@ }, "/api/status": { "get": { - "operationId": "%2Fapi%2Fstatus#0", + "operationId": "get-status", "parameters": [ { "description": "The version of the API to use", @@ -8085,6 +42234,54 @@ { "name": "connectors" }, + { + "name": "Data streams" + }, + { + "name": "Elastic Agent actions" + }, + { + "name": "Elastic Agent binary download sources" + }, + { + "name": "Elastic Agent policies" + }, + { + "name": "Elastic Agent status" + }, + { + "name": "Elastic Agents" + }, + { + "name": "Elastic Package Manager (EPM)" + }, + { + "name": "Fleet enrollment API keys" + }, + { + "name": "Fleet internals" + }, + { + "name": "Fleet outputs" + }, + { + "name": "Fleet package policies" + }, + { + "name": "Fleet proxies" + }, + { + "name": "Fleet Server hosts" + }, + { + "name": "Fleet service tokens" + }, + { + "name": "Fleet uninstall tokens" + }, + { + "name": "Message Signing Service" + }, { "name": "roles" }, diff --git a/oas_docs/bundle.serverless.json b/oas_docs/bundle.serverless.json new file mode 100644 index 0000000000000..fedad1196676d --- /dev/null +++ b/oas_docs/bundle.serverless.json @@ -0,0 +1,41826 @@ +{ + "components": { + "schemas": { + "core_status_redactedResponse": { + "additionalProperties": false, + "description": "A minimal representation of Kibana's operational status.", + "properties": { + "status": { + "additionalProperties": false, + "properties": { + "overall": { + "additionalProperties": false, + "properties": { + "level": { + "description": "Service status levels as human and machine readable values.", + "enum": [ + "available", + "degraded", + "unavailable", + "critical" + ], + "type": "string" + } + }, + "required": [ + "level" + ], + "type": "object" + } + }, + "required": [ + "overall" + ], + "type": "object" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "core_status_response": { + "additionalProperties": false, + "description": "Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request.", + "properties": { + "metrics": { + "additionalProperties": false, + "description": "Metric groups collected by Kibana.", + "properties": { + "collection_interval_in_millis": { + "description": "The interval at which metrics should be collected.", + "type": "number" + }, + "elasticsearch_client": { + "additionalProperties": false, + "description": "Current network metrics of Kibana's Elasticsearch client.", + "properties": { + "totalActiveSockets": { + "description": "Count of network sockets currently in use.", + "type": "number" + }, + "totalIdleSockets": { + "description": "Count of network sockets currently idle.", + "type": "number" + }, + "totalQueuedRequests": { + "description": "Count of requests not yet assigned to sockets.", + "type": "number" + } + }, + "required": [ + "totalActiveSockets", + "totalIdleSockets", + "totalQueuedRequests" + ], + "type": "object" + }, + "last_updated": { + "description": "The time metrics were collected.", + "type": "string" + } + }, + "required": [ + "elasticsearch_client", + "last_updated", + "collection_interval_in_millis" + ], + "type": "object" + }, + "name": { + "description": "Kibana instance name.", + "type": "string" + }, + "status": { + "additionalProperties": false, + "properties": { + "core": { + "additionalProperties": false, + "description": "Statuses of core Kibana services.", + "properties": { + "elasticsearch": { + "additionalProperties": false, + "properties": { + "detail": { + "description": "Human readable detail of the service status.", + "type": "string" + }, + "documentationUrl": { + "description": "A URL to further documentation regarding this service.", + "type": "string" + }, + "level": { + "description": "Service status levels as human and machine readable values.", + "enum": [ + "available", + "degraded", + "unavailable", + "critical" + ], + "type": "string" + }, + "meta": { + "additionalProperties": {}, + "description": "An unstructured set of extra metadata about this service.", + "type": "object" + }, + "summary": { + "description": "A human readable summary of the service status.", + "type": "string" + } + }, + "required": [ + "level", + "summary", + "meta" + ], + "type": "object" + }, + "savedObjects": { + "additionalProperties": false, + "properties": { + "detail": { + "description": "Human readable detail of the service status.", + "type": "string" + }, + "documentationUrl": { + "description": "A URL to further documentation regarding this service.", + "type": "string" + }, + "level": { + "description": "Service status levels as human and machine readable values.", + "enum": [ + "available", + "degraded", + "unavailable", + "critical" + ], + "type": "string" + }, + "meta": { + "additionalProperties": {}, + "description": "An unstructured set of extra metadata about this service.", + "type": "object" + }, + "summary": { + "description": "A human readable summary of the service status.", + "type": "string" + } + }, + "required": [ + "level", + "summary", + "meta" + ], + "type": "object" + } + }, + "required": [ + "elasticsearch", + "savedObjects" + ], + "type": "object" + }, + "overall": { + "additionalProperties": false, + "properties": { + "detail": { + "description": "Human readable detail of the service status.", + "type": "string" + }, + "documentationUrl": { + "description": "A URL to further documentation regarding this service.", + "type": "string" + }, + "level": { + "description": "Service status levels as human and machine readable values.", + "enum": [ + "available", + "degraded", + "unavailable", + "critical" + ], + "type": "string" + }, + "meta": { + "additionalProperties": {}, + "description": "An unstructured set of extra metadata about this service.", + "type": "object" + }, + "summary": { + "description": "A human readable summary of the service status.", + "type": "string" + } + }, + "required": [ + "level", + "summary", + "meta" + ], + "type": "object" + }, + "plugins": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "detail": { + "description": "Human readable detail of the service status.", + "type": "string" + }, + "documentationUrl": { + "description": "A URL to further documentation regarding this service.", + "type": "string" + }, + "level": { + "description": "Service status levels as human and machine readable values.", + "enum": [ + "available", + "degraded", + "unavailable", + "critical" + ], + "type": "string" + }, + "meta": { + "additionalProperties": {}, + "description": "An unstructured set of extra metadata about this service.", + "type": "object" + }, + "summary": { + "description": "A human readable summary of the service status.", + "type": "string" + } + }, + "required": [ + "level", + "summary", + "meta" + ], + "type": "object" + }, + "description": "A dynamic mapping of plugin ID to plugin status.", + "type": "object" + } + }, + "required": [ + "overall", + "core", + "plugins" + ], + "type": "object" + }, + "uuid": { + "description": "Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts.", + "type": "string" + }, + "version": { + "additionalProperties": false, + "properties": { + "build_date": { + "description": "The date and time of this build.", + "type": "string" + }, + "build_flavor": { + "description": "The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the \"traditional\" flavour, while other flavours are reserved for Elastic-specific use cases.", + "enum": [ + "serverless", + "traditional" + ], + "type": "string" + }, + "build_hash": { + "description": "A unique hash value representing the git commit of this Kibana build.", + "type": "string" + }, + "build_number": { + "description": "A monotonically increasing number, each subsequent build will have a higher number.", + "type": "number" + }, + "build_snapshot": { + "description": "Whether this build is a snapshot build.", + "type": "boolean" + }, + "number": { + "description": "A semantic version number.", + "type": "string" + } + }, + "required": [ + "number", + "build_hash", + "build_number", + "build_snapshot", + "build_flavor", + "build_date" + ], + "type": "object" + } + }, + "required": [ + "name", + "uuid", + "version", + "status", + "metrics" + ], + "type": "object" + } + }, + "securitySchemes": { + "apiKeyAuth": { + "in": "header", + "name": "Authorization", + "type": "apiKey" + }, + "basicAuth": { + "scheme": "basic", + "type": "http" + } + } + }, + "info": { + "title": "Kibana HTTP APIs", + "version": "0.0.0" + }, + "openapi": "3.0.0", + "paths": { + "/api/actions/connector/{id}": { + "delete": { + "description": "WARNING: When you delete a connector, it cannot be recovered.", + "operationId": "delete-actions-connector-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Delete a connector", + "tags": [ + "connectors" + ] + }, + "get": { + "operationId": "get-actions-connector-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector.", + "type": "string" + }, + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + } + }, + "required": [ + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Get connector information", + "tags": [ + "connectors" + ] + }, + "post": { + "operationId": "post-actions-connector-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "default": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector.", + "type": "string" + }, + "name": { + "description": "The display name for the connector.", + "type": "string" + }, + "secrets": { + "additionalProperties": {}, + "default": {}, + "type": "object" + } + }, + "required": [ + "name", + "connector_type_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector.", + "type": "string" + }, + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + } + }, + "required": [ + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Create a connector", + "tags": [ + "connectors" + ] + }, + "put": { + "operationId": "put-actions-connector-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "default": {}, + "type": "object" + }, + "name": { + "description": "The display name for the connector.", + "type": "string" + }, + "secrets": { + "additionalProperties": {}, + "default": {}, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector.", + "type": "string" + }, + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + } + }, + "required": [ + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Update a connector", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/connector/{id}/_execute": { + "post": { + "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", + "operationId": "post-actions-connector-id-execute", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "params": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "params" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector.", + "type": "string" + }, + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + } + }, + "required": [ + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Run a connector", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/connector_types": { + "get": { + "description": "You do not need any Kibana feature privileges to run this API.", + "operationId": "get-actions-connector-types", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", + "in": "query", + "name": "feature_id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get connector types", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/connectors": { + "get": { + "operationId": "get-actions-connectors", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get all connectors", + "tags": [ + "connectors" + ] + } + }, + "/api/alerting/rule/{id}": { + "delete": { + "operationId": "delete-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Delete a rule", + "tags": [ + "alerting" + ] + }, + "get": { + "operationId": "get-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Get rule details", + "tags": [ + "alerting" + ] + }, + "post": { + "operationId": "post-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "enabled": { + "default": true, + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "schedule": { + "additionalProperties": false, + "description": "The check interval, which specifies how frequently the rule conditions are checked.", + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "description": "The tags for the rule.", + "items": { + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "rule_type_id", + "consumer", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "409": { + "description": "Indicates that the rule id is already in use." + } + }, + "summary": "Create a rule", + "tags": [ + "alerting" + ] + }, + "put": { + "operationId": "put-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." + } + }, + "summary": "Update a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_disable": { + "post": { + "operationId": "post-alerting-rule-id-disable", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "untrack": { + "description": "Defines whether this rule's alerts should be untracked.", + "type": "boolean" + } + }, + "type": "object", + "x-oas-optional": true + } + } + } + }, + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Disable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_enable": { + "post": { + "operationId": "post-alerting-rule-id-enable", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Enable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_mute_all": { + "post": { + "operationId": "post-alerting-rule-id-mute-all", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Mute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_unmute_all": { + "post": { + "operationId": "post-alerting-rule-id-unmute-all", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Unmute all alerts", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_update_api_key": { + "post": { + "operationId": "post-alerting-rule-id-update-api-key", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." + } + }, + "summary": "Update the API key for a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { + "post": { + "operationId": "post-alerting-rule-rule-id-alert-alert-id-mute", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." + } + }, + "summary": "Mute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { + "post": { + "operationId": "post-alerting-rule-rule-id-alert-alert-id-unmute", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", + "in": "path", + "name": "alert_id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." + } + }, + "summary": "Unmute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rules/_find": { + "get": { + "operationId": "get-alerting-rules-find", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The number of rules to return per page.", + "in": "query", + "name": "per_page", + "required": false, + "schema": { + "default": 10, + "minimum": 0, + "type": "number" + } + }, + { + "description": "The page number to return.", + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "minimum": 1, + "type": "number" + } + }, + { + "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", + "in": "query", + "name": "search", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "The default operator to use for the simple_query_string.", + "in": "query", + "name": "default_search_operator", + "required": false, + "schema": { + "default": "OR", + "enum": [ + "OR", + "AND" + ], + "type": "string" + } + }, + { + "description": "The fields to perform the simple_query_string parsed query against.", + "in": "query", + "name": "search_fields", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", + "in": "query", + "name": "sort_field", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "Determines the sort order.", + "in": "query", + "name": "sort_order", + "required": false, + "schema": { + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + }, + { + "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", + "in": "query", + "name": "has_reference", + "required": false, + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "id" + ], + "type": "object" + } + }, + { + "in": "query", + "name": "fields", + "required": false, + "schema": { + "items": { + "description": "The fields to return in the `attributes` key of the response.", + "type": "string" + }, + "type": "array" + } + }, + { + "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", + "in": "query", + "name": "filter", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "filter_consumers", + "required": false, + "schema": { + "items": { + "description": "List of consumers to filter.", + "type": "string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "nullable": true, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "nullable": true, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + } + }, + "summary": "Get information about rules", + "tags": [ + "alerting" + ] + } + }, + "/api/fleet/agent-status": { + "get": { + "operationId": "get-fleet-agent-status-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "policyId", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "policyIds", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "deprecated": true, + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/agent_download_sources": { + "get": { + "description": "List agent binary download sources", + "operationId": "get-fleet-agent-download-sources", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + }, + "post": { + "description": "Create agent binary download source", + "operationId": "post-fleet-agent-download-sources", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "host" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + } + }, + "/api/fleet/agent_download_sources/{sourceId}": { + "delete": { + "description": "Delete agent binary download source by ID", + "operationId": "delete-fleet-agent-download-sources-sourceid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + }, + "get": { + "description": "Get agent binary download source by ID", + "operationId": "get-fleet-agent-download-sources-sourceid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + }, + "put": { + "description": "Update agent binary download source by ID", + "operationId": "put-fleet-agent-download-sources-sourceid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "sourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "host" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent binary download sources" + ] + } + }, + "/api/fleet/agent_policies": { + "get": { + "description": "List agent policies", + "operationId": "get-fleet-agent-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "sortField", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "enum": [ + "desc", + "asc" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "showUpgradeable", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "use withAgentCount instead", + "in": "query", + "name": "noAgentCount", + "required": false, + "schema": { + "deprecated": true, + "type": "boolean" + } + }, + { + "description": "get policies with agent count", + "in": "query", + "name": "withAgentCount", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "description": "get full policies with package policies populated", + "in": "query", + "name": "full", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + }, + "post": { + "description": "Create an agent policy", + "operationId": "post-fleet-agent-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "sys_monitoring", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "force": { + "type": "boolean" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_protected": { + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/_bulk_get": { + "post": { + "description": "Bulk get agent policies", + "operationId": "post-fleet-agent-policies-bulk-get", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "full": { + "description": "get full policies with package policies populated", + "type": "boolean" + }, + "ids": { + "description": "list of package policy ids", + "items": { + "type": "string" + }, + "type": "array" + }, + "ignoreMissing": { + "type": "boolean" + } + }, + "required": [ + "ids" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/delete": { + "post": { + "description": "Delete agent policy by ID", + "operationId": "post-fleet-agent-policies-delete", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agentPolicyId": { + "type": "string" + }, + "force": { + "description": "bypass validation checks that can prevent agent policy deletion", + "type": "boolean" + } + }, + "required": [ + "agentPolicyId" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/outputs": { + "post": { + "description": "Get list of outputs associated with agent policies", + "operationId": "post-fleet-agent-policies-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "ids": { + "description": "list of package policy ids", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "ids" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "agentPolicyId": { + "type": "string" + }, + "data": { + "additionalProperties": false, + "properties": { + "integrations": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "integrationPolicyName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "pkgName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "properties": { + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + } + }, + "required": [ + "monitoring", + "data" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}": { + "get": { + "description": "Get an agent policy by ID", + "operationId": "get-fleet-agent-policies-agentpolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + }, + "put": { + "description": "Update an agent policy by ID", + "operationId": "put-fleet-agent-policies-agentpolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "force": { + "type": "boolean" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_protected": { + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/copy": { + "post": { + "description": "Copy an agent policy by ID", + "operationId": "post-fleet-agent-policies-agentpolicyid-copy", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "name": { + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "advanced_settings": { + "additionalProperties": false, + "properties": { + "agent_download_target_directory": { + "nullable": true + }, + "agent_download_timeout": { + "default": "2h", + "nullable": true + }, + "agent_limits_go_max_procs": { + "nullable": true + }, + "agent_logging_level": { + "default": "info", + "nullable": true + }, + "agent_logging_metrics_period": { + "default": "30s", + "nullable": true + } + }, + "type": "object" + }, + "agent_features": { + "items": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "agents": { + "type": "number" + }, + "data_output_id": { + "nullable": true, + "type": "string" + }, + "description": { + "type": "string" + }, + "download_source_id": { + "nullable": true, + "type": "string" + }, + "fleet_server_host_id": { + "nullable": true, + "type": "string" + }, + "global_data_tags": { + "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "has_fleet_server": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inactivity_timeout": { + "default": 1209600, + "minimum": 0, + "type": "number" + }, + "is_default": { + "type": "boolean" + }, + "is_default_fleet_server": { + "type": "boolean" + }, + "is_managed": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "is_protected": { + "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", + "type": "boolean" + }, + "keep_monitoring_alive": { + "default": false, + "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", + "nullable": true, + "type": "boolean" + }, + "monitoring_diagnostics": { + "additionalProperties": false, + "properties": { + "limit": { + "additionalProperties": false, + "properties": { + "burst": { + "type": "number" + }, + "interval": { + "type": "string" + } + }, + "type": "object" + }, + "uploader": { + "additionalProperties": false, + "properties": { + "init_dur": { + "type": "string" + }, + "max_dur": { + "type": "string" + }, + "max_retries": { + "type": "number" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "monitoring_enabled": { + "items": { + "enum": [ + "logs", + "metrics", + "traces" + ], + "type": "string" + }, + "type": "array" + }, + "monitoring_http": { + "additionalProperties": false, + "properties": { + "buffer": { + "additionalProperties": false, + "properties": { + "enabled": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "port": { + "maximum": 65353, + "minimum": 0, + "type": "number" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "monitoring_output_id": { + "nullable": true, + "type": "string" + }, + "monitoring_pprof_enabled": { + "type": "boolean" + }, + "name": { + "minLength": 1, + "type": "string" + }, + "namespace": { + "minLength": 1, + "type": "string" + }, + "overrides": { + "additionalProperties": {}, + "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "type": "object" + }, + "package_policies": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + ] + }, + "revision": { + "type": "number" + }, + "schema_version": { + "type": "string" + }, + "space_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "status": { + "enum": [ + "active", + "inactive" + ], + "type": "string" + }, + "supports_agentless": { + "default": false, + "description": "Indicates whether the agent policy supports agentless integrations.", + "nullable": true, + "type": "boolean" + }, + "unenroll_timeout": { + "minimum": 0, + "type": "number" + }, + "unprivileged_agents": { + "type": "number" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "namespace", + "is_managed", + "is_protected", + "status", + "updated_at", + "updated_by", + "revision" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/download": { + "get": { + "description": "Download an agent policy by ID", + "operationId": "get-fleet-agent-policies-agentpolicyid-download", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "standalone", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kubernetes", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/full": { + "get": { + "description": "Get a full agent policy by ID", + "operationId": "get-fleet-agent-policies-agentpolicyid-full", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "standalone", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kubernetes", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": false, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "download": { + "additionalProperties": false, + "properties": { + "sourceURI": { + "type": "string" + } + }, + "required": [ + "sourceURI" + ], + "type": "object" + }, + "features": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "logs": { + "type": "boolean" + }, + "metrics": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "traces": { + "type": "boolean" + }, + "use_output": { + "type": "string" + } + }, + "required": [ + "enabled", + "metrics", + "logs", + "traces" + ], + "type": "object" + }, + "protection": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "signing_key": { + "type": "string" + }, + "uninstall_token_hash": { + "type": "string" + } + }, + "required": [ + "enabled", + "uninstall_token_hash", + "signing_key" + ], + "type": "object" + } + }, + "required": [ + "monitoring", + "download", + "features" + ], + "type": "object" + }, + "fleet": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "proxy_headers": {}, + "proxy_url": { + "type": "string" + }, + "ssl": { + "additionalProperties": false, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "renegotiation": { + "type": "string" + }, + "verification_mode": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "hosts", + "proxy_headers" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "kibana": { + "additionalProperties": false, + "properties": { + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "path": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "required": [ + "hosts", + "protocol" + ], + "type": "object" + } + }, + "required": [ + "kibana" + ], + "type": "object" + } + ] + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "namespace": { + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "meta": { + "additionalProperties": true, + "properties": { + "package": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "package_policy_id": { + "type": "string" + }, + "processors": { + "items": { + "additionalProperties": true, + "properties": { + "add_fields": { + "additionalProperties": true, + "properties": { + "fields": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "type": "object" + }, + "target": { + "type": "string" + } + }, + "required": [ + "target", + "fields" + ], + "type": "object" + } + }, + "required": [ + "add_fields" + ], + "type": "object" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "streams": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "dataset": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset" + ], + "type": "object" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "data_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "use_output": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "revision", + "type", + "data_stream", + "use_output", + "package_policy_id" + ], + "type": "object" + }, + "type": "array" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "output_permissions": { + "additionalProperties": { + "additionalProperties": {}, + "type": "object" + }, + "type": "object" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": true, + "properties": { + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "proxy_headers": {}, + "proxy_url": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "proxy_headers" + ], + "type": "object" + }, + "type": "object" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "signed": { + "additionalProperties": false, + "properties": { + "data": { + "type": "string" + }, + "signature": { + "type": "string" + } + }, + "required": [ + "data", + "signature" + ], + "type": "object" + } + }, + "required": [ + "id", + "outputs", + "inputs" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_policies/{agentPolicyId}/outputs": { + "get": { + "description": "Get list of outputs associated with agent policy by policy id", + "operationId": "get-fleet-agent-policies-agentpolicyid-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentPolicyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "agentPolicyId": { + "type": "string" + }, + "data": { + "additionalProperties": false, + "properties": { + "integrations": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "integrationPolicyName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "pkgName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "properties": { + "output": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + }, + "required": [ + "output" + ], + "type": "object" + } + }, + "required": [ + "monitoring", + "data" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/agent_status": { + "get": { + "description": "Get agent status summary", + "operationId": "get-fleet-agent-status", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "policyId", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "policyIds", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "deprecated": true, + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "results": { + "additionalProperties": false, + "properties": { + "active": { + "type": "number" + }, + "all": { + "type": "number" + }, + "error": { + "type": "number" + }, + "events": { + "type": "number" + }, + "inactive": { + "type": "number" + }, + "offline": { + "type": "number" + }, + "online": { + "type": "number" + }, + "other": { + "type": "number" + }, + "total": { + "deprecated": true, + "type": "number" + }, + "unenrolled": { + "type": "number" + }, + "updating": { + "type": "number" + } + }, + "required": [ + "events", + "total", + "online", + "error", + "offline", + "other", + "updating", + "inactive", + "unenrolled", + "all", + "active" + ], + "type": "object" + } + }, + "required": [ + "results" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent status" + ] + } + }, + "/api/fleet/agent_status/data": { + "get": { + "description": "Get incoming agent data", + "operationId": "get-fleet-agent-status-data", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "agentsIds", + "required": true, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + } + }, + { + "in": "query", + "name": "previewData", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "dataPreview": { + "items": {}, + "type": "array" + }, + "items": { + "items": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "data": { + "type": "boolean" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items", + "dataPreview" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents": { + "get": { + "description": "List agents", + "operationId": "get-fleet-agents", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "showInactive", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "withMetrics", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "showUpgradeable", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "getStatusSummary", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "sortField", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + }, + "type": "array" + }, + "list": { + "deprecated": true, + "items": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "statusSummary": { + "additionalProperties": { + "type": "number" + }, + "type": "object" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "post": { + "description": "List agents by action ids", + "operationId": "post-fleet-agents", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "actionIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/action_status": { + "get": { + "description": "Get agent action status", + "operationId": "get-fleet-agents-action-status", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 0, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "date", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "latest", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "errorSize", + "required": false, + "schema": { + "default": 5, + "type": "number" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + }, + "cancellationTime": { + "type": "string" + }, + "completionTime": { + "type": "string" + }, + "creationTime": { + "description": "creation time of action", + "type": "string" + }, + "expiration": { + "type": "string" + }, + "hasRolloutPeriod": { + "type": "boolean" + }, + "latestErrors": { + "items": { + "additionalProperties": false, + "description": "latest errors that happened when the agents executed the action", + "properties": { + "agentId": { + "type": "string" + }, + "error": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "timestamp": { + "type": "string" + } + }, + "required": [ + "agentId", + "error", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "nbAgentsAck": { + "description": "number of agents that acknowledged the action", + "type": "number" + }, + "nbAgentsActionCreated": { + "description": "number of agents included in action from kibana", + "type": "number" + }, + "nbAgentsActioned": { + "description": "number of agents actioned", + "type": "number" + }, + "nbAgentsFailed": { + "description": "number of agents that failed to execute the action", + "type": "number" + }, + "newPolicyId": { + "description": "new policy id (POLICY_REASSIGN action)", + "type": "string" + }, + "policyId": { + "description": "policy id (POLICY_CHANGE action)", + "type": "string" + }, + "revision": { + "description": "new policy revision (POLICY_CHANGE action)", + "type": "number" + }, + "startTime": { + "description": "start time of action (scheduled actions)", + "type": "string" + }, + "status": { + "enum": [ + "COMPLETE", + "EXPIRED", + "CANCELLED", + "FAILED", + "IN_PROGRESS", + "ROLLOUT_PASSED" + ], + "type": "string" + }, + "type": { + "enum": [ + "UPGRADE", + "UNENROLL", + "SETTINGS", + "POLICY_REASSIGN", + "CANCEL", + "FORCE_UNENROLL", + "REQUEST_DIAGNOSTICS", + "UPDATE_TAGS", + "POLICY_CHANGE", + "INPUT_ACTION" + ], + "type": "string" + }, + "version": { + "description": "agent version number (UPGRADE action)", + "type": "string" + } + }, + "required": [ + "actionId", + "nbAgentsActionCreated", + "nbAgentsAck", + "nbAgentsFailed", + "type", + "nbAgentsActioned", + "status", + "creationTime" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/actions/{actionId}/cancel": { + "post": { + "description": "Cancel agent action", + "operationId": "post-fleet-agents-actions-actionid-cancel", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "actionId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "ack_data": {}, + "agents": { + "items": { + "type": "string" + }, + "type": "array" + }, + "created_at": { + "type": "string" + }, + "data": {}, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "minimum_execution_duration": { + "type": "number" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "rollout_duration_seconds": { + "type": "number" + }, + "sent_at": { + "type": "string" + }, + "source_uri": { + "type": "string" + }, + "start_time": { + "type": "string" + }, + "total": { + "type": "number" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "data", + "created_at", + "ack_data", + "agents" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/available_versions": { + "get": { + "description": "Get available agent versions", + "operationId": "get-fleet-agents-available-versions", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/bulk_reassign": { + "post": { + "description": "Bulk reassign agents", + "operationId": "post-fleet-agents-bulk-reassign", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "includeInactive": { + "default": false, + "type": "boolean" + }, + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id", + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_request_diagnostics": { + "post": { + "description": "Bulk request diagnostics from agents", + "operationId": "post-fleet-agents-bulk-request-diagnostics", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "additional_metrics": { + "items": { + "enum": [ + "CPU" + ], + "type": "string" + }, + "type": "array" + }, + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + } + }, + "required": [ + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_unenroll": { + "post": { + "description": "Bulk unenroll agents", + "operationId": "post-fleet-agents-bulk-unenroll", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "description": "KQL query string, leave empty to action all agents", + "type": "string" + }, + "type": "array" + }, + { + "description": "list of agent IDs", + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "force": { + "description": "Unenrolls hosted agents too", + "type": "boolean" + }, + "includeInactive": { + "description": "When passing agents by KQL query, unenrolls inactive agents too", + "type": "boolean" + }, + "revoke": { + "description": "Revokes API keys of agents", + "type": "boolean" + } + }, + "required": [ + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_update_agent_tags": { + "post": { + "description": "Bulk update agent tags", + "operationId": "post-fleet-agents-bulk-update-agent-tags", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "includeInactive": { + "default": false, + "type": "boolean" + }, + "tagsToAdd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tagsToRemove": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "agents" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/bulk_upgrade": { + "post": { + "description": "Bulk upgrade agents", + "operationId": "post-fleet-agents-bulk-upgrade", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "agents": { + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "string" + } + ] + }, + "batchSize": { + "type": "number" + }, + "force": { + "type": "boolean" + }, + "includeInactive": { + "default": false, + "type": "boolean" + }, + "rollout_duration_seconds": { + "minimum": 600, + "type": "number" + }, + "skipRateLimitCheck": { + "type": "boolean" + }, + "source_uri": { + "type": "string" + }, + "start_time": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "agents", + "version" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/files/{fileId}": { + "delete": { + "description": "Delete file uploaded by agent", + "operationId": "delete-fleet-agents-files-fileid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "fileId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "deleted": { + "type": "boolean" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "deleted" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/files/{fileId}/{fileName}": { + "get": { + "description": "Get file uploaded by agent", + "operationId": "get-fleet-agents-files-fileid-filename", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "fileId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "fileName", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/setup": { + "get": { + "description": "Get agent setup info", + "operationId": "get-fleet-agents-setup", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.", + "properties": { + "isReady": { + "type": "boolean" + }, + "is_secrets_storage_enabled": { + "type": "boolean" + }, + "is_space_awareness_enabled": { + "type": "boolean" + }, + "missing_optional_features": { + "items": { + "enum": [ + "encrypted_saved_object_encryption_key_required" + ], + "type": "string" + }, + "type": "array" + }, + "missing_requirements": { + "items": { + "enum": [ + "security_required", + "tls_required", + "api_keys", + "fleet_admin_user", + "fleet_server" + ], + "type": "string" + }, + "type": "array" + }, + "package_verification_key_id": { + "type": "string" + } + }, + "required": [ + "isReady", + "missing_requirements", + "missing_optional_features" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "post": { + "description": "Initiate agent setup", + "operationId": "post-fleet-agents-setup", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", + "properties": { + "isInitialized": { + "type": "boolean" + }, + "nonFatalErrors": { + "items": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "isInitialized", + "nonFatalErrors" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/tags": { + "get": { + "description": "List agent tags", + "operationId": "get-fleet-agents-tags", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "showInactive", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/{agentId}": { + "delete": { + "description": "Delete agent by ID", + "operationId": "delete-fleet-agents-agentid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "enum": [ + "deleted" + ], + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "get": { + "description": "Get agent by ID", + "operationId": "get-fleet-agents-agentid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "withMetrics", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + }, + "put": { + "description": "Update agent by ID", + "operationId": "put-fleet-agents-agentid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "access_api_key": { + "type": "string" + }, + "access_api_key_id": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "agent": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "version" + ], + "type": "object" + }, + "components": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "type": "string" + }, + "units": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "message": { + "type": "string" + }, + "payload": { + "additionalProperties": {}, + "type": "object" + }, + "status": { + "enum": [ + "STARTING", + "CONFIGURING", + "HEALTHY", + "DEGRADED", + "FAILED", + "STOPPING", + "STOPPED" + ], + "type": "string" + }, + "type": { + "enum": [ + "input", + "output" + ], + "type": "string" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "id", + "type", + "status", + "message" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key": { + "type": "string" + }, + "default_api_key_history": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "default_api_key_id": { + "type": "string" + }, + "enrolled_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "last_checkin": { + "type": "string" + }, + "last_checkin_message": { + "type": "string" + }, + "last_checkin_status": { + "enum": [ + "error", + "online", + "degraded", + "updating", + "starting" + ], + "type": "string" + }, + "local_metadata": { + "additionalProperties": {}, + "type": "object" + }, + "metrics": { + "additionalProperties": false, + "properties": { + "cpu_avg": { + "type": "number" + }, + "memory_size_byte_avg": { + "type": "number" + } + }, + "type": "object" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "outputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "api_key_id": { + "type": "string" + }, + "to_retire_api_key_ids": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "retired_at": { + "type": "string" + } + }, + "required": [ + "id", + "retired_at" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "api_key_id", + "type" + ], + "type": "object" + }, + "type": "object" + }, + "packages": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_revision": { + "nullable": true, + "type": "number" + }, + "sort": { + "items": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "enum": [], + "nullable": true + } + ] + }, + "type": "array" + }, + "status": { + "enum": [ + "offline", + "error", + "online", + "inactive", + "enrolling", + "unenrolling", + "unenrolled", + "updating", + "degraded" + ], + "type": "string" + }, + "tags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "enum": [ + "PERMANENT", + "EPHEMERAL", + "TEMPORARY" + ], + "type": "string" + }, + "unenrolled_at": { + "type": "string" + }, + "unenrollment_started_at": { + "type": "string" + }, + "unhealthy_reason": { + "items": { + "enum": [ + "input", + "output", + "other" + ], + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "upgrade_details": { + "additionalProperties": false, + "properties": { + "action_id": { + "type": "string" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "download_percent": { + "type": "number" + }, + "download_rate": { + "type": "number" + }, + "error_msg": { + "type": "string" + }, + "failed_state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "retry_error_msg": { + "type": "string" + }, + "retry_until": { + "type": "string" + }, + "scheduled_at": { + "type": "string" + } + }, + "type": "object" + }, + "state": { + "enum": [ + "UPG_REQUESTED", + "UPG_SCHEDULED", + "UPG_DOWNLOADING", + "UPG_EXTRACTING", + "UPG_REPLACING", + "UPG_RESTARTING", + "UPG_FAILED", + "UPG_WATCHING", + "UPG_ROLLBACK" + ], + "type": "string" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "target_version", + "action_id", + "state" + ], + "type": "object" + }, + "upgrade_started_at": { + "nullable": true, + "type": "string" + }, + "upgraded_at": { + "nullable": true, + "type": "string" + }, + "user_provided_metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "id", + "packages", + "type", + "active", + "enrolled_at", + "local_metadata" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/agents/{agentId}/actions": { + "post": { + "description": "Create agent action", + "operationId": "post-fleet-agents-agentid-actions", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "ack_data": {}, + "data": {}, + "type": { + "enum": [ + "UNENROLL", + "UPGRADE", + "POLICY_REASSIGN" + ], + "type": "string" + } + }, + "required": [ + "type", + "data", + "ack_data" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "data": { + "additionalProperties": false, + "properties": { + "log_level": { + "enum": [ + "debug", + "info", + "warning", + "error" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "log_level" + ], + "type": "object" + }, + "type": { + "enum": [ + "SETTINGS" + ], + "type": "string" + } + }, + "required": [ + "type", + "data" + ], + "type": "object" + } + ] + } + }, + "required": [ + "action" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "ack_data": {}, + "agents": { + "items": { + "type": "string" + }, + "type": "array" + }, + "created_at": { + "type": "string" + }, + "data": {}, + "expiration": { + "type": "string" + }, + "id": { + "type": "string" + }, + "minimum_execution_duration": { + "type": "number" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "rollout_duration_seconds": { + "type": "number" + }, + "sent_at": { + "type": "string" + }, + "source_uri": { + "type": "string" + }, + "start_time": { + "type": "string" + }, + "total": { + "type": "number" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "data", + "created_at", + "ack_data", + "agents" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/reassign": { + "post": { + "description": "Reassign agent", + "operationId": "post-fleet-agents-agentid-reassign", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": {}, + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + }, + "put": { + "operationId": "put-fleet-agents-agentid-reassign", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/agents/{agentId}/request_diagnostics": { + "post": { + "description": "Request agent diagnostics", + "operationId": "post-fleet-agents-agentid-request-diagnostics", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "additional_metrics": { + "items": { + "enum": [ + "CPU" + ], + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + } + }, + "required": [ + "actionId" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/unenroll": { + "post": { + "description": "Unenroll agent", + "operationId": "post-fleet-agents-agentid-unenroll", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + }, + "revoke": { + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/upgrade": { + "post": { + "description": "Upgrade agent", + "operationId": "post-fleet-agents-agentid-upgrade", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "force": { + "type": "boolean" + }, + "skipRateLimitCheck": { + "type": "boolean" + }, + "source_uri": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "version" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": {}, + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent actions" + ] + } + }, + "/api/fleet/agents/{agentId}/uploads": { + "get": { + "description": "List agent uploads", + "operationId": "get-fleet-agents-agentid-uploads", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "agentId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "actionId": { + "type": "string" + }, + "createTime": { + "type": "string" + }, + "error": { + "type": "string" + }, + "filePath": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "enum": [ + "READY", + "AWAITING_UPLOAD", + "DELETED", + "EXPIRED", + "IN_PROGRESS", + "FAILED" + ], + "type": "string" + } + }, + "required": [ + "id", + "name", + "filePath", + "createTime", + "status", + "actionId" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agents" + ] + } + }, + "/api/fleet/check-permissions": { + "get": { + "description": "Check permissions", + "operationId": "get-fleet-check-permissions", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "fleetServerSetup", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "error": { + "enum": [ + "MISSING_SECURITY", + "MISSING_PRIVILEGES", + "MISSING_FLEET_SERVER_SETUP_PRIVILEGES" + ], + "type": "string" + }, + "success": { + "type": "boolean" + } + }, + "required": [ + "success" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/data_streams": { + "get": { + "description": "List data streams", + "operationId": "get-fleet-data-streams", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "data_streams": { + "items": { + "additionalProperties": false, + "properties": { + "dashboards": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "id", + "title" + ], + "type": "object" + }, + "type": "array" + }, + "dataset": { + "type": "string" + }, + "index": { + "type": "string" + }, + "last_activity_ms": { + "type": "number" + }, + "namespace": { + "type": "string" + }, + "package": { + "type": "string" + }, + "package_version": { + "type": "string" + }, + "serviceDetails": { + "additionalProperties": false, + "nullable": true, + "properties": { + "environment": { + "type": "string" + }, + "serviceName": { + "type": "string" + } + }, + "required": [ + "environment", + "serviceName" + ], + "type": "object" + }, + "size_in_bytes": { + "type": "number" + }, + "size_in_bytes_formatted": { + "anyOf": [ + { + "type": "number" + }, + { + "type": "string" + } + ] + }, + "type": { + "type": "string" + } + }, + "required": [ + "index", + "dataset", + "namespace", + "type", + "package", + "package_version", + "last_activity_ms", + "size_in_bytes", + "size_in_bytes_formatted", + "dashboards", + "serviceDetails" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "data_streams" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Data streams" + ] + } + }, + "/api/fleet/enrollment-api-keys": { + "get": { + "operationId": "get-fleet-enrollment-api-keys-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + }, + "post": { + "operationId": "post-fleet-enrollment-api-keys-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "expiration": { + "type": "string" + }, + "name": { + "type": "string" + }, + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/enrollment-api-keys/{keyId}": { + "delete": { + "operationId": "delete-fleet-enrollment-api-keys-keyid-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + }, + "get": { + "operationId": "get-fleet-enrollment-api-keys-keyid-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/enrollment_api_keys": { + "get": { + "description": "List enrollment API keys", + "operationId": "get-fleet-enrollment-api-keys", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 20, + "type": "number" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + }, + "type": "array" + }, + "list": { + "deprecated": true, + "items": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage", + "list" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + }, + "post": { + "description": "Create enrollment API key", + "operationId": "post-fleet-enrollment-api-keys", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "expiration": { + "type": "string" + }, + "name": { + "type": "string" + }, + "policy_id": { + "type": "string" + } + }, + "required": [ + "policy_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "enum": [ + "created" + ], + "type": "string" + }, + "item": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + } + }, + "required": [ + "item", + "action" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + } + }, + "/api/fleet/enrollment_api_keys/{keyId}": { + "delete": { + "description": "Revoke enrollment API key by ID by marking it as inactive", + "operationId": "delete-fleet-enrollment-api-keys-keyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "action": { + "enum": [ + "deleted" + ], + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + }, + "get": { + "description": "Get enrollment API key by ID", + "operationId": "get-fleet-enrollment-api-keys-keyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "keyId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "active": { + "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", + "type": "boolean" + }, + "api_key": { + "description": "The enrollment API key (token) used for enrolling Elastic Agents.", + "type": "string" + }, + "api_key_id": { + "description": "The ID of the API key in the Security API.", + "type": "string" + }, + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "name": { + "description": "The name of the enrollment API key.", + "type": "string" + }, + "policy_id": { + "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", + "type": "string" + } + }, + "required": [ + "id", + "api_key_id", + "api_key", + "active", + "created_at" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet enrollment API keys" + ] + } + }, + "/api/fleet/epm/bulk_assets": { + "post": { + "description": "Bulk get assets", + "operationId": "post-fleet-epm-bulk-assets", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "assetIds": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "assetIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "appLink": { + "type": "string" + }, + "attributes": { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "service": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "type": "object" + }, + "id": { + "type": "string" + }, + "type": { + "type": "string" + }, + "updatedAt": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "attributes" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/categories": { + "get": { + "description": "List package categories", + "operationId": "get-fleet-epm-categories", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "experimental", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "include_policy_templates", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "count": { + "type": "number" + }, + "id": { + "type": "string" + }, + "parent_id": { + "type": "string" + }, + "parent_title": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "id", + "title", + "count" + ], + "type": "object" + }, + "type": "array" + }, + "response": { + "items": { + "additionalProperties": false, + "deprecated": true, + "properties": { + "count": { + "type": "number" + }, + "id": { + "type": "string" + }, + "parent_id": { + "type": "string" + }, + "parent_title": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "id", + "title", + "count" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/custom_integrations": { + "post": { + "description": "Create custom integration", + "operationId": "post-fleet-epm-custom-integrations", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "datasets": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "type": { + "enum": [ + "logs", + "metrics", + "traces", + "synthetics", + "profiling" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "force": { + "type": "boolean" + }, + "integrationName": { + "type": "string" + } + }, + "required": [ + "integrationName", + "datasets" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_meta": { + "additionalProperties": false, + "properties": { + "install_source": { + "type": "string" + } + }, + "required": [ + "install_source" + ], + "type": "object" + }, + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items", + "_meta" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/data_streams": { + "get": { + "description": "List data streams", + "operationId": "get-fleet-epm-data-streams", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "type", + "required": false, + "schema": { + "enum": [ + "logs", + "metrics", + "traces", + "synthetics", + "profiling" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "datasetQuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "default": "asc", + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "uncategorisedOnly", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Data streams" + ] + } + }, + "/api/fleet/epm/packages": { + "get": { + "description": "List packages", + "operationId": "get-fleet-epm-packages", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "category", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "experimental", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "excludeInstallStatus", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": true, + "properties": { + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "id": { + "type": "string" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "integration": { + "type": "string" + }, + "internal": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "name": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "id" + ], + "type": "object" + }, + "type": "array" + }, + "response": { + "items": { + "additionalProperties": true, + "deprecated": true, + "properties": { + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "id": { + "type": "string" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "integration": { + "type": "string" + }, + "internal": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "name": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "id" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "post": { + "description": "Install package by upload", + "operationId": "post-fleet-epm-packages", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "ignoreMappingUpdateErrors", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "skipDataStreamRollover", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { + "schema": { + "format": "binary", + "type": "string" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_meta": { + "additionalProperties": false, + "properties": { + "install_source": { + "type": "string" + } + }, + "required": [ + "install_source" + ], + "type": "object" + }, + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items", + "_meta" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/_bulk": { + "post": { + "description": "Bulk install packages", + "operationId": "post-fleet-epm-packages-bulk", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "force": { + "default": false, + "type": "boolean" + }, + "packages": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "prerelease": { + "type": "boolean" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + } + ] + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "packages" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "result": { + "additionalProperties": false, + "properties": { + "assets": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "error": {}, + "installSource": { + "type": "string" + }, + "installType": { + "type": "string" + }, + "status": { + "enum": [ + "installed", + "already_installed" + ], + "type": "string" + } + }, + "required": [ + "error", + "installType" + ], + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version", + "result" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "error": { + "anyOf": [ + { + "type": "string" + }, + {} + ] + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "name", + "statusCode", + "error" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "result": { + "additionalProperties": false, + "properties": { + "assets": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "error": {}, + "installSource": { + "type": "string" + }, + "installType": { + "type": "string" + }, + "status": { + "enum": [ + "installed", + "already_installed" + ], + "type": "string" + } + }, + "required": [ + "error", + "installType" + ], + "type": "object" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version", + "result" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "error": { + "anyOf": [ + { + "type": "string" + }, + {} + ] + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "name", + "statusCode", + "error" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/installed": { + "get": { + "description": "Get installed packages", + "operationId": "get-fleet-epm-packages-installed", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "dataStreamType", + "required": false, + "schema": { + "enum": [ + "logs", + "metrics", + "traces", + "synthetics", + "profiling" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "showOnlyActiveDataStreams", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "nameQuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "searchAfter", + "required": false, + "schema": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "type": "array" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "default": 15, + "type": "number" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "default": "asc", + "enum": [ + "asc", + "desc" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "dataStreams": { + "items": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "name", + "title" + ], + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version", + "status", + "dataStreams" + ], + "type": "object" + }, + "type": "array" + }, + "searchAfter": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "boolean" + }, + { + "enum": [], + "nullable": true + }, + {} + ] + }, + "type": "array" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/limited": { + "get": { + "description": "Get limited package list", + "operationId": "get-fleet-epm-packages-limited", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "type": "string" + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/stats": { + "get": { + "description": "Get package stats", + "operationId": "get-fleet-epm-packages-pkgname-stats", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "response": { + "additionalProperties": false, + "properties": { + "agent_policy_count": { + "type": "number" + } + }, + "required": [ + "agent_policy_count" + ], + "type": "object" + } + }, + "required": [ + "response" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}": { + "delete": { + "description": "Delete package", + "operationId": "delete-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "force", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + } + }, + "required": [ + "force" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "get": { + "description": "Get package", + "operationId": "get-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "ignoreUnverified", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "full", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "withMetadata", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + }, + "metadata": { + "additionalProperties": false, + "properties": { + "has_policies": { + "type": "boolean" + } + }, + "required": [ + "has_policies" + ], + "type": "object" + }, + "response": { + "additionalProperties": true, + "deprecated": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "post": { + "description": "Install package from registry", + "operationId": "post-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "ignoreMappingUpdateErrors", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "skipDataStreamRollover", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "default": false, + "type": "boolean" + }, + "ignore_constraints": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_meta": { + "additionalProperties": false, + "properties": { + "install_source": { + "type": "string" + } + }, + "required": [ + "install_source" + ], + "type": "object" + }, + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "response": { + "deprecated": true, + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + } + ] + }, + "type": "array" + } + }, + "required": [ + "items", + "_meta" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + }, + "put": { + "description": "Update package settings", + "operationId": "put-fleet-epm-packages-pkgname-pkgversion", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "keepPoliciesUpToDate": { + "type": "boolean" + } + }, + "required": [ + "keepPoliciesUpToDate" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + }, + "response": { + "additionalProperties": true, + "deprecated": true, + "properties": { + "agent": { + "additionalProperties": false, + "properties": { + "privileges": { + "additionalProperties": false, + "properties": { + "root": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "asset_tags": { + "items": { + "additionalProperties": false, + "properties": { + "asset_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "asset_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "text": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "type": "array" + }, + "assets": { + "additionalProperties": {}, + "type": "object" + }, + "categories": { + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "additionalProperties": true, + "properties": { + "elastic": { + "additionalProperties": true, + "properties": { + "capabilities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "subscription": { + "type": "string" + } + }, + "type": "object" + }, + "kibana": { + "additionalProperties": true, + "properties": { + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "data_streams": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "description": { + "type": "string" + }, + "discovery": { + "additionalProperties": true, + "properties": { + "fields": { + "items": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "download": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": {}, + "type": "object" + }, + "format_version": { + "type": "string" + }, + "icons": { + "items": { + "additionalProperties": true, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "installationInfo": { + "additionalProperties": true, + "properties": { + "additional_spaces_installed_kibana": { + "additionalProperties": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "type": "object" + }, + "created_at": { + "type": "string" + }, + "experimental_data_stream_features": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": true, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "install_format_schema_version": { + "type": "string" + }, + "install_source": { + "enum": [ + "registry", + "upload", + "bundled", + "custom" + ], + "type": "string" + }, + "install_status": { + "enum": [ + "installed", + "installing", + "install_failed" + ], + "type": "string" + }, + "installed_es": { + "items": { + "additionalProperties": true, + "properties": { + "deferred": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "type": { + "enum": [ + "index", + "index_template", + "component_template", + "ingest_pipeline", + "ilm_policy", + "data_stream_ilm_policy", + "transform", + "ml_model" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana": { + "items": { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + }, + "originId": { + "type": "string" + }, + "type": { + "enum": [ + "dashboard", + "lens", + "visualization", + "search", + "index-pattern", + "map", + "ml-module", + "security-rule", + "csp-rule-template", + "osquery-pack-asset", + "osquery-saved-query", + "tag" + ], + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "installed_kibana_space_id": { + "type": "string" + }, + "latest_executed_state": { + "additionalProperties": true, + "properties": { + "error": { + "type": "string" + }, + "name": { + "type": "string" + }, + "started_at": { + "type": "string" + } + }, + "required": [ + "name", + "started_at" + ], + "type": "object" + }, + "latest_install_failed_attempts": { + "items": { + "additionalProperties": true, + "properties": { + "created_at": { + "type": "string" + }, + "error": { + "additionalProperties": true, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "stack": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "target_version": { + "type": "string" + } + }, + "required": [ + "created_at", + "target_version", + "error" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "updated_at": { + "type": "string" + }, + "verification_key_id": { + "nullable": true, + "type": "string" + }, + "verification_status": { + "enum": [ + "unverified", + "verified", + "unknown" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "type", + "installed_kibana", + "installed_es", + "name", + "version", + "install_status", + "install_source", + "verification_status" + ], + "type": "object" + }, + "internal": { + "type": "boolean" + }, + "keepPoliciesUpToDate": { + "type": "boolean" + }, + "latestVersion": { + "type": "string" + }, + "license": { + "type": "string" + }, + "licensePath": { + "type": "string" + }, + "name": { + "type": "string" + }, + "notice": { + "type": "string" + }, + "owner": { + "additionalProperties": true, + "properties": { + "github": { + "type": "string" + }, + "type": { + "enum": [ + "elastic", + "partner", + "community" + ], + "type": "string" + } + }, + "type": "object" + }, + "path": { + "type": "string" + }, + "policy_templates": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "readme": { + "type": "string" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "savedObject": {}, + "screenshots": { + "items": { + "additionalProperties": false, + "properties": { + "dark_mode": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "src": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "src" + ], + "type": "object" + }, + "type": "array" + }, + "signature_path": { + "type": "string" + }, + "source": { + "additionalProperties": true, + "properties": { + "license": { + "type": "string" + } + }, + "required": [ + "license" + ], + "type": "object" + }, + "status": { + "type": "string" + }, + "title": { + "type": "string" + }, + "type": { + "enum": [ + "integration", + "input", + "content" + ], + "type": "string" + }, + "vars": { + "items": { + "additionalProperties": {}, + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "required": [ + "savedObject", + "name", + "version", + "title", + "assets" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize": { + "post": { + "description": "Authorize transforms", + "operationId": "post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "transforms": { + "items": { + "additionalProperties": false, + "properties": { + "transformId": { + "type": "string" + } + }, + "required": [ + "transformId" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "transforms" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "error": { + "nullable": true + }, + "success": { + "type": "boolean" + }, + "transformId": { + "type": "string" + } + }, + "required": [ + "transformId", + "success", + "error" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}": { + "get": { + "description": "Get package file", + "operationId": "get-fleet-epm-packages-pkgname-pkgversion-filepath", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "filePath", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": {} + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/packages/{pkgkey}": { + "delete": { + "operationId": "delete-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + } + }, + "required": [ + "force" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + }, + "get": { + "operationId": "get-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "ignoreUnverified", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "full", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "withMetadata", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + }, + "post": { + "operationId": "post-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "ignoreMappingUpdateErrors", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + }, + { + "in": "query", + "name": "skipDataStreamRollover", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "force": { + "type": "boolean" + } + }, + "required": [ + "force" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + }, + "put": { + "operationId": "put-fleet-epm-packages-pkgkey", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "pkgkey", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "keepPoliciesUpToDate": { + "type": "boolean" + } + }, + "required": [ + "keepPoliciesUpToDate" + ], + "type": "object" + } + } + } + }, + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": { + "get": { + "description": "Get inputs template", + "operationId": "get-fleet-epm-templates-pkgname-pkgversion-inputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "pkgName", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "pkgVersion", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "default": "json", + "enum": [ + "json", + "yml", + "yaml" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "prerelease", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "ignoreUnverified", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "additionalProperties": false, + "properties": { + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "dataset": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset" + ], + "type": "object" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "data_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "inputs" + ], + "type": "object" + } + ] + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/epm/verification_key_id": { + "get": { + "description": "Get a package signature verification key ID", + "operationId": "get-fleet-epm-verification-key-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Package Manager (EPM)" + ] + } + }, + "/api/fleet/fleet_server_hosts": { + "get": { + "description": "List Fleet Server hosts", + "operationId": "get-fleet-fleet-server-hosts", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + }, + "post": { + "description": "Create Fleet Server host", + "operationId": "post-fleet-fleet-server-hosts", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "host_urls" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + } + }, + "/api/fleet/fleet_server_hosts/{itemId}": { + "delete": { + "description": "Delete Fleet Server host by ID", + "operationId": "delete-fleet-fleet-server-hosts-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + }, + "get": { + "description": "Get Fleet Server host by ID", + "operationId": "get-fleet-fleet-server-hosts-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + }, + "put": { + "description": "Update Fleet Server host by ID", + "operationId": "put-fleet-fleet-server-hosts-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "is_default": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "proxy_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "host_urls": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "name", + "host_urls" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet Server hosts" + ] + } + }, + "/api/fleet/health_check": { + "post": { + "description": "Check Fleet Server health", + "operationId": "post-fleet-health-check", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "format": "uri", + "type": "string" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "host": { + "deprecated": true, + "type": "string" + }, + "host_id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/kubernetes": { + "get": { + "description": "Get full K8s agent manifest", + "operationId": "get-fleet-kubernetes", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "fleetServer", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "enrolToken", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "type": "string" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/kubernetes/download": { + "get": { + "operationId": "get-fleet-kubernetes-download", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "download", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "fleetServer", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "enrolToken", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "type": "string" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Elastic Agent policies" + ] + } + }, + "/api/fleet/logstash_api_keys": { + "post": { + "description": "Generate Logstash API key", + "operationId": "post-fleet-logstash-api-keys", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "api_key": { + "type": "string" + } + }, + "required": [ + "api_key" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/message_signing_service/rotate_key_pair": { + "post": { + "description": "Rotate fleet message signing key pair", + "operationId": "post-fleet-message-signing-service-rotate-key-pair", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "acknowledge", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "500": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Message Signing Service" + ] + } + }, + "/api/fleet/outputs": { + "get": { + "description": "List outputs", + "operationId": "get-fleet-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + }, + "post": { + "description": "Create output", + "operationId": "post-fleet-outputs", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": false, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": false, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": false, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/outputs/{outputId}": { + "delete": { + "description": "Delete output by ID", + "operationId": "delete-fleet-outputs-outputid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + }, + "get": { + "description": "Get output by ID", + "operationId": "get-fleet-outputs-outputid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + }, + "put": { + "description": "Update output by ID", + "operationId": "put-fleet-outputs-outputid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_default_monitoring": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_default_monitoring": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "type": "boolean" + }, + "is_default_monitoring": { + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": false, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": false, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": false, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": false, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": false, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": false, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": false, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": false, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "compression_level", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "preset": { + "enum": [ + "balanced", + "custom", + "throughput", + "scale", + "latency" + ], + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "service_token": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + }, + "service_token": { + "nullable": true, + "type": "string" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "remote_elasticsearch" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": { + "enum": [ + "logstash" + ], + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts" + ], + "type": "object" + }, + { + "additionalProperties": true, + "properties": { + "allow_edit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "auth_type": { + "enum": [ + "none", + "user_pass", + "ssl", + "kerberos" + ], + "type": "string" + }, + "broker_timeout": { + "type": "number" + }, + "ca_sha256": { + "nullable": true, + "type": "string" + }, + "ca_trusted_fingerprint": { + "nullable": true, + "type": "string" + }, + "client_id": { + "type": "string" + }, + "compression": { + "enum": [ + "gzip", + "snappy", + "lz4", + "none" + ], + "type": "string" + }, + "compression_level": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "number" + }, + { + "not": {} + } + ] + }, + "config_yaml": { + "nullable": true, + "type": "string" + }, + "connection_type": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + "plaintext", + "encryption" + ], + "type": "string" + }, + { + "not": {} + } + ] + }, + "hash": { + "additionalProperties": true, + "properties": { + "hash": { + "type": "string" + }, + "random": { + "type": "boolean" + } + }, + "type": "object" + }, + "headers": { + "items": { + "additionalProperties": true, + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hosts": { + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "id": { + "type": "string" + }, + "is_default": { + "default": false, + "type": "boolean" + }, + "is_default_monitoring": { + "default": false, + "type": "boolean" + }, + "is_internal": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "partition": { + "enum": [ + "random", + "round_robin", + "hash" + ], + "type": "string" + }, + "password": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "not": {} + }, + { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + } + ] + }, + "proxy_id": { + "nullable": true, + "type": "string" + }, + "random": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "required_acks": { + "enum": [ + 1, + 0, + -1 + ], + "type": "integer" + }, + "round_robin": { + "additionalProperties": true, + "properties": { + "group_events": { + "type": "number" + } + }, + "type": "object" + }, + "sasl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "mechanism": { + "enum": [ + "PLAIN", + "SCRAM-SHA-256", + "SCRAM-SHA-512" + ], + "type": "string" + } + }, + "type": "object" + }, + "secrets": { + "additionalProperties": true, + "properties": { + "password": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + }, + "ssl": { + "additionalProperties": true, + "properties": { + "key": { + "anyOf": [ + { + "additionalProperties": true, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "shipper": { + "additionalProperties": true, + "nullable": true, + "properties": { + "compression_level": { + "nullable": true, + "type": "number" + }, + "disk_queue_compression_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_enabled": { + "default": false, + "nullable": true, + "type": "boolean" + }, + "disk_queue_encryption_enabled": { + "nullable": true, + "type": "boolean" + }, + "disk_queue_max_size": { + "nullable": true, + "type": "number" + }, + "disk_queue_path": { + "nullable": true, + "type": "string" + }, + "loadbalance": { + "nullable": true, + "type": "boolean" + }, + "max_batch_bytes": { + "nullable": true, + "type": "number" + }, + "mem_queue_events": { + "nullable": true, + "type": "number" + }, + "queue_flush_timeout": { + "nullable": true, + "type": "number" + } + }, + "required": [ + "disk_queue_path", + "disk_queue_max_size", + "disk_queue_encryption_enabled", + "disk_queue_compression_enabled", + "compression_level", + "loadbalance", + "mem_queue_events", + "queue_flush_timeout", + "max_batch_bytes" + ], + "type": "object" + }, + "ssl": { + "additionalProperties": true, + "nullable": true, + "properties": { + "certificate": { + "type": "string" + }, + "certificate_authorities": { + "items": { + "type": "string" + }, + "type": "array" + }, + "key": { + "type": "string" + }, + "verification_mode": { + "enum": [ + "full", + "none", + "certificate", + "strict" + ], + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "type": "number" + }, + "topic": { + "type": "string" + }, + "topics": { + "items": { + "additionalProperties": true, + "properties": { + "topic": { + "type": "string" + }, + "when": { + "additionalProperties": true, + "properties": { + "condition": { + "type": "string" + }, + "type": { + "enum": [ + "equals", + "contains", + "regexp" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "topic" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "type": { + "enum": [ + "kafka" + ], + "type": "string" + }, + "username": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "type": "string" + }, + { + "not": {} + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "type", + "hosts", + "compression_level", + "auth_type", + "connection_type", + "username", + "password" + ], + "type": "object" + } + ] + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/outputs/{outputId}/health": { + "get": { + "description": "Get latest output health", + "operationId": "get-fleet-outputs-outputid-health", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "outputId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "description": "long message if unhealthy", + "type": "string" + }, + "state": { + "description": "state of output, HEALTHY or DEGRADED", + "type": "string" + }, + "timestamp": { + "description": "timestamp of reported state", + "type": "string" + } + }, + "required": [ + "state", + "message", + "timestamp" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet outputs" + ] + } + }, + "/api/fleet/package_policies": { + "get": { + "description": "List package policies", + "operationId": "get-fleet-package-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "sortField", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "sortOrder", + "required": false, + "schema": { + "enum": [ + "desc", + "asc" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "showUpgradeable", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "kuery", + "required": false, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + }, + { + "in": "query", + "name": "withAgentCount", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + }, + "post": { + "description": "Create package policy", + "operationId": "post-fleet-package-policies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "description": { + "description": "Package policy description", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "force": { + "description": "Force package policy creation even if package is not verified, or if the agent policy is managed.", + "type": "boolean" + }, + "id": { + "description": "Package policy unique identifier", + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "name", + "inputs" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "name", + "package" + ], + "type": "object" + } + ], + "description": "You should use inputs as an object and not use the deprecated inputs array." + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "409": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/_bulk_get": { + "post": { + "description": "Bulk get package policies", + "operationId": "post-fleet-package-policies-bulk-get", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "ids": { + "description": "list of package policy ids", + "items": { + "type": "string" + }, + "type": "array" + }, + "ignoreMissing": { + "type": "boolean" + } + }, + "required": [ + "ids" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "items" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/delete": { + "post": { + "description": "Bulk delete package policies", + "operationId": "post-fleet-package-policies-delete", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "force": { + "type": "boolean" + }, + "packagePolicyIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "packagePolicyIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "body": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Use `policy_ids` instead", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "statusCode": { + "type": "number" + }, + "success": { + "type": "boolean" + } + }, + "required": [ + "id", + "success", + "policy_ids", + "package" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/upgrade": { + "post": { + "description": "Upgrade package policy to a newer package version", + "operationId": "post-fleet-package-policies-upgrade", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "packagePolicyIds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "packagePolicyIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "body": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + }, + "success": { + "type": "boolean" + } + }, + "required": [ + "id", + "success" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/upgrade/dryrun": { + "post": { + "description": "Dry run package policy upgrade", + "operationId": "post-fleet-package-policies-upgrade-dryrun", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "packagePolicyIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "packageVersion": { + "type": "string" + } + }, + "required": [ + "packagePolicyIds" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "items": { + "additionalProperties": false, + "properties": { + "agent_diff": { + "items": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "namespace": { + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "id": { + "type": "string" + }, + "meta": { + "additionalProperties": true, + "properties": { + "package": { + "additionalProperties": true, + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + } + }, + "required": [ + "package" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "package_policy_id": { + "type": "string" + }, + "processors": { + "items": { + "additionalProperties": true, + "properties": { + "add_fields": { + "additionalProperties": true, + "properties": { + "fields": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "type": "object" + }, + "target": { + "type": "string" + } + }, + "required": [ + "target", + "fields" + ], + "type": "object" + } + }, + "required": [ + "add_fields" + ], + "type": "object" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "streams": { + "items": { + "additionalProperties": true, + "properties": { + "data_stream": { + "additionalProperties": true, + "properties": { + "dataset": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset" + ], + "type": "object" + }, + "id": { + "type": "string" + } + }, + "required": [ + "id", + "data_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "use_output": { + "type": "string" + } + }, + "required": [ + "id", + "name", + "revision", + "type", + "data_stream", + "use_output", + "package_policy_id" + ], + "type": "object" + }, + "type": "array" + }, + "type": "array" + }, + "body": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "diff": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "description": { + "description": "Package policy description", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "errors": { + "items": { + "additionalProperties": false, + "properties": { + "key": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "type": "array" + }, + "force": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "missingVars": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "name", + "enabled", + "inputs" + ], + "type": "object" + } + ] + }, + "type": "array" + }, + "hasErrors": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "hasErrors" + ], + "type": "object" + }, + "type": "array" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/package_policies/{packagePolicyId}": { + "delete": { + "description": "Delete package policy by ID", + "operationId": "delete-fleet-package-policies-packagepolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "packagePolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "force", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + }, + "get": { + "description": "Get package policy by ID", + "operationId": "get-fleet-package-policies-packagepolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "packagePolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + }, + "put": { + "description": "Update package policy by ID", + "operationId": "put-fleet-package-policies-packagepolicyid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "packagePolicyId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "format", + "required": false, + "schema": { + "enum": [ + "simplified", + "legacy" + ], + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "description": { + "description": "Package policy description", + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "force": { + "type": "boolean" + }, + "inputs": { + "items": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled" + ], + "type": "object" + }, + "type": "array" + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "description": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "type": "string" + }, + "type": "array" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "name", + "package" + ], + "type": "object" + } + ] + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "agents": { + "type": "number" + }, + "created_at": { + "type": "string" + }, + "created_by": { + "type": "string" + }, + "description": { + "description": "Package policy description", + "type": "string" + }, + "elasticsearch": { + "additionalProperties": true, + "properties": { + "privileges": { + "additionalProperties": true, + "properties": { + "cluster": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "inputs": { + "anyOf": [ + { + "items": { + "additionalProperties": false, + "properties": { + "compiled_input": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "policy_template": { + "type": "string" + }, + "streams": { + "items": { + "additionalProperties": false, + "properties": { + "compiled_stream": {}, + "config": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + "data_stream": { + "additionalProperties": false, + "properties": { + "dataset": { + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "dynamic_dataset": { + "type": "boolean" + }, + "dynamic_namespace": { + "type": "boolean" + }, + "privileges": { + "additionalProperties": false, + "properties": { + "indices": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "dataset", + "type" + ], + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "keep_enabled": { + "type": "boolean" + }, + "release": { + "enum": [ + "ga", + "beta", + "experimental" + ], + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "enabled", + "data_stream", + "compiled_stream" + ], + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + }, + "vars": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + } + }, + "required": [ + "type", + "enabled", + "streams", + "compiled_input" + ], + "type": "object" + }, + "type": "array" + }, + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that input, (default to true)", + "type": "boolean" + }, + "streams": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "enabled": { + "description": "enable or disable that stream, (default to true)", + "type": "boolean" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Input streams (see integration documentation to know what streams are available)", + "type": "object" + }, + "vars": { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object" + } + }, + "type": "object" + }, + "description": "Package policy inputs (see integration documentation to know what inputs are available)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "is_managed": { + "type": "boolean" + }, + "name": { + "description": "Package policy name (should be unique)", + "type": "string" + }, + "namespace": { + "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "type": "string" + }, + "output_id": { + "nullable": true, + "type": "string" + }, + "overrides": { + "additionalProperties": false, + "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", + "nullable": true, + "properties": { + "inputs": { + "additionalProperties": {}, + "type": "object" + } + }, + "type": "object" + }, + "package": { + "additionalProperties": false, + "properties": { + "experimental_data_stream_features": { + "items": { + "additionalProperties": false, + "properties": { + "data_stream": { + "type": "string" + }, + "features": { + "additionalProperties": false, + "properties": { + "doc_value_only_numeric": { + "type": "boolean" + }, + "doc_value_only_other": { + "type": "boolean" + }, + "synthetic_source": { + "type": "boolean" + }, + "tsdb": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "required": [ + "data_stream", + "features" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Package name", + "type": "string" + }, + "requires_root": { + "type": "boolean" + }, + "title": { + "type": "string" + }, + "version": { + "description": "Package version", + "type": "string" + } + }, + "required": [ + "name", + "version" + ], + "type": "object" + }, + "policy_id": { + "deprecated": true, + "description": "Agent policy ID where that package policy will be added", + "nullable": true, + "type": "string" + }, + "policy_ids": { + "items": { + "description": "Agent policy IDs where that package policy will be added", + "type": "string" + }, + "type": "array" + }, + "revision": { + "type": "number" + }, + "secret_references": { + "items": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "spaceIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "updated_at": { + "type": "string" + }, + "updated_by": { + "type": "string" + }, + "vars": { + "anyOf": [ + { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "frozen": { + "type": "boolean" + }, + "type": { + "type": "string" + }, + "value": {} + }, + "required": [ + "value" + ], + "type": "object" + }, + "description": "Package variable (see integration documentation for more information)", + "type": "object" + }, + { + "additionalProperties": { + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "string" + }, + { + "type": "number" + }, + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "items": { + "type": "number" + }, + "type": "array" + }, + { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "isSecretRef": { + "type": "boolean" + } + }, + "required": [ + "id", + "isSecretRef" + ], + "type": "object" + } + ], + "nullable": true + }, + "description": "Input/stream level variable (see integration documentation for more information)", + "type": "object", + "x-oas-optional": true + } + ] + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "enabled", + "inputs", + "id", + "revision", + "updated_at", + "updated_by", + "created_at", + "created_by" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "403": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet package policies" + ] + } + }, + "/api/fleet/proxies": { + "get": { + "description": "List proxies", + "operationId": "get-fleet-proxies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + }, + "post": { + "description": "Create proxy", + "operationId": "post-fleet-proxies", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url", + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + } + }, + "/api/fleet/proxies/{itemId}": { + "delete": { + "description": "Delete proxy by ID", + "operationId": "delete-fleet-proxies-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + }, + "get": { + "description": "Get proxy by ID", + "operationId": "get-fleet-proxies-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + }, + "put": { + "description": "Update proxy by ID", + "operationId": "put-fleet-proxies-itemid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "itemId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "proxy_headers", + "certificate_authorities", + "certificate", + "certificate_key" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "certificate": { + "nullable": true, + "type": "string" + }, + "certificate_authorities": { + "nullable": true, + "type": "string" + }, + "certificate_key": { + "nullable": true, + "type": "string" + }, + "id": { + "type": "string" + }, + "is_preconfigured": { + "default": false, + "type": "boolean" + }, + "name": { + "type": "string" + }, + "proxy_headers": { + "additionalProperties": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "boolean" + }, + { + "type": "number" + } + ] + }, + "nullable": true, + "type": "object" + }, + "url": { + "type": "string" + } + }, + "required": [ + "id", + "url", + "name" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet proxies" + ] + } + }, + "/api/fleet/service-tokens": { + "post": { + "description": "Create a service token", + "operationId": "post-fleet-service-tokens-2", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": {}, + "summary": "", + "tags": [] + } + }, + "/api/fleet/service_tokens": { + "post": { + "description": "Create a service token", + "operationId": "post-fleet-service-tokens", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "remote": { + "default": false, + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet service tokens" + ] + } + }, + "/api/fleet/settings": { + "get": { + "description": "Get settings", + "operationId": "get-fleet-settings", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "delete_unenrolled_agents": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "is_preconfigured" + ], + "type": "object" + }, + "fleet_server_hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "has_seen_add_data_notice": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "output_secret_storage_requirements_met": { + "type": "boolean" + }, + "preconfigured_fields": { + "items": { + "enum": [ + "fleet_server_hosts" + ], + "type": "string" + }, + "type": "array" + }, + "prerelease_integrations_enabled": { + "type": "boolean" + }, + "secret_storage_requirements_met": { + "type": "boolean" + }, + "use_space_awareness_migration_started_at": { + "type": "string" + }, + "use_space_awareness_migration_status": { + "enum": [ + "pending", + "success", + "error" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + }, + "put": { + "description": "Update settings", + "operationId": "put-fleet-settings", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "additional_yaml_config": { + "type": "string" + }, + "delete_unenrolled_agents": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "is_preconfigured" + ], + "type": "object" + }, + "fleet_server_hosts": { + "items": { + "format": "uri", + "type": "string" + }, + "type": "array" + }, + "has_seen_add_data_notice": { + "type": "boolean" + }, + "kibana_ca_sha256": { + "type": "string" + }, + "kibana_urls": { + "items": { + "format": "uri", + "type": "string" + }, + "type": "array" + }, + "prerelease_integrations_enabled": { + "type": "boolean" + } + }, + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "delete_unenrolled_agents": { + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "is_preconfigured": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "is_preconfigured" + ], + "type": "object" + }, + "fleet_server_hosts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "has_seen_add_data_notice": { + "type": "boolean" + }, + "id": { + "type": "string" + }, + "output_secret_storage_requirements_met": { + "type": "boolean" + }, + "preconfigured_fields": { + "items": { + "enum": [ + "fleet_server_hosts" + ], + "type": "string" + }, + "type": "array" + }, + "prerelease_integrations_enabled": { + "type": "boolean" + }, + "secret_storage_requirements_met": { + "type": "boolean" + }, + "use_space_awareness_migration_started_at": { + "type": "string" + }, + "use_space_awareness_migration_status": { + "enum": [ + "pending", + "success", + "error" + ], + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "404": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/setup": { + "post": { + "description": "Initiate Fleet setup", + "operationId": "post-fleet-setup", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", + "properties": { + "isInitialized": { + "type": "boolean" + }, + "nonFatalErrors": { + "items": { + "additionalProperties": false, + "properties": { + "message": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "message" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "isInitialized", + "nonFatalErrors" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + }, + "500": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Internal Server Error", + "properties": { + "message": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet internals" + ] + } + }, + "/api/fleet/uninstall_tokens": { + "get": { + "description": "List metadata for latest uninstall tokens per agent policy", + "operationId": "get-fleet-uninstall-tokens", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "Partial match filtering for policy IDs", + "in": "query", + "name": "policyId", + "required": false, + "schema": { + "maxLength": 50, + "type": "string" + } + }, + { + "in": "query", + "name": "search", + "required": false, + "schema": { + "maxLength": 50, + "type": "string" + } + }, + { + "description": "The number of items to return", + "in": "query", + "name": "perPage", + "required": false, + "schema": { + "minimum": 5, + "type": "number" + } + }, + { + "in": "query", + "name": "page", + "required": false, + "schema": { + "minimum": 1, + "type": "number" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "items": { + "items": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_name": { + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "policy_id", + "created_at" + ], + "type": "object" + }, + "type": "array" + }, + "page": { + "type": "number" + }, + "perPage": { + "type": "number" + }, + "total": { + "type": "number" + } + }, + "required": [ + "items", + "total", + "page", + "perPage" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet uninstall tokens" + ] + } + }, + "/api/fleet/uninstall_tokens/{uninstallTokenId}": { + "get": { + "description": "Get one decrypted uninstall token by its ID", + "operationId": "get-fleet-uninstall-tokens-uninstalltokenid", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "in": "path", + "name": "uninstallTokenId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "item": { + "additionalProperties": false, + "properties": { + "created_at": { + "type": "string" + }, + "id": { + "type": "string" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array" + }, + "policy_id": { + "type": "string" + }, + "policy_name": { + "nullable": true, + "type": "string" + }, + "token": { + "type": "string" + } + }, + "required": [ + "id", + "policy_id", + "created_at", + "token" + ], + "type": "object" + } + }, + "required": [ + "item" + ], + "type": "object" + } + } + } + }, + "400": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "description": "Generic Error", + "properties": { + "error": { + "type": "string" + }, + "message": { + "type": "string" + }, + "statusCode": { + "type": "number" + } + }, + "required": [ + "message" + ], + "type": "object" + } + } + } + } + }, + "summary": "", + "tags": [ + "Fleet uninstall tokens" + ] + } + }, + "/api/security/role": { + "get": { + "operationId": "get-security-role", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.", + "in": "query", + "name": "replaceDeprecatedPrivileges", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Get all roles", + "tags": [ + "roles" + ] + } + }, + "/api/security/role/{name}": { + "delete": { + "operationId": "delete-security-role-name", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "in": "path", + "name": "name", + "required": true, + "schema": { + "minLength": 1, + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Delete a role", + "tags": [ + "roles" + ] + }, + "get": { + "operationId": "get-security-role-name", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The role name.", + "in": "path", + "name": "name", + "required": true, + "schema": { + "minLength": 1, + "type": "string" + } + }, + { + "description": "If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.", + "in": "query", + "name": "replaceDeprecatedPrivileges", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Get a role", + "tags": [ + "roles" + ] + }, + "put": { + "description": "Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.", + "operationId": "put-security-role-name", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The role name.", + "in": "path", + "name": "name", + "required": true, + "schema": { + "maxLength": 1024, + "minLength": 1, + "type": "string" + } + }, + { + "description": "When true, a role is not overwritten if it already exists.", + "in": "query", + "name": "createOnly", + "required": false, + "schema": { + "default": false, + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "description": { + "description": "A description for the role.", + "maxLength": 2048, + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "cluster": { + "items": { + "description": "Cluster privileges that define the cluster level actions that users can perform.", + "type": "string" + }, + "type": "array" + }, + "indices": { + "items": { + "additionalProperties": false, + "properties": { + "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.", + "type": "boolean" + }, + "field_security": { + "additionalProperties": { + "items": { + "description": "The document fields that the role members have read access to.", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "names": { + "items": { + "description": "The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "privileges": { + "items": { + "description": "The index level privileges that the role members have for the data streams and indices.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.", + "type": "string" + } + }, + "required": [ + "names", + "privileges" + ], + "type": "object" + }, + "type": "array" + }, + "remote_cluster": { + "items": { + "additionalProperties": false, + "properties": { + "clusters": { + "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "privileges": { + "items": { + "description": "The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.", + "type": "string" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "privileges", + "clusters" + ], + "type": "object" + }, + "type": "array" + }, + "remote_indices": { + "items": { + "additionalProperties": false, + "properties": { + "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.", + "type": "boolean" + }, + "clusters": { + "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "field_security": { + "additionalProperties": { + "items": { + "description": "The document fields that the role members have read access to.", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "names": { + "items": { + "description": "A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "privileges": { + "items": { + "description": "The index level privileges that role members have for the specified indices.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ", + "type": "string" + } + }, + "required": [ + "clusters", + "names", + "privileges" + ], + "type": "object" + }, + "type": "array" + }, + "run_as": { + "items": { + "description": "A user name that the role member can impersonate.", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kibana": { + "items": { + "additionalProperties": false, + "properties": { + "base": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "items": { + "description": "A base privilege that grants applies to all spaces.", + "type": "string" + }, + "type": "array" + }, + { + "items": { + "description": "A base privilege that applies to specific spaces.", + "type": "string" + }, + "type": "array" + } + ] + }, + "feature": { + "additionalProperties": { + "items": { + "description": "The privileges that the role member has for the feature.", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "spaces": { + "anyOf": [ + { + "items": { + "enum": [ + "*" + ], + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + }, + { + "items": { + "description": "A space that the privilege applies to.", + "type": "string" + }, + "type": "array" + } + ], + "default": [ + "*" + ] + } + }, + "required": [ + "base" + ], + "type": "object" + }, + "type": "array" + }, + "metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "elasticsearch" + ], + "type": "object" + } + } + } + }, + "responses": { + "204": { + "description": "Indicates a successful call." + } + }, + "summary": "Create or update a role", + "tags": [ + "roles" + ] + } + }, + "/api/security/roles": { + "post": { + "operationId": "post-security-roles", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "roles": { + "additionalProperties": { + "additionalProperties": false, + "properties": { + "description": { + "description": "A description for the role.", + "maxLength": 2048, + "type": "string" + }, + "elasticsearch": { + "additionalProperties": false, + "properties": { + "cluster": { + "items": { + "description": "Cluster privileges that define the cluster level actions that users can perform.", + "type": "string" + }, + "type": "array" + }, + "indices": { + "items": { + "additionalProperties": false, + "properties": { + "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.", + "type": "boolean" + }, + "field_security": { + "additionalProperties": { + "items": { + "description": "The document fields that the role members have read access to.", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "names": { + "items": { + "description": "The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "privileges": { + "items": { + "description": "The index level privileges that the role members have for the data streams and indices.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.", + "type": "string" + } + }, + "required": [ + "names", + "privileges" + ], + "type": "object" + }, + "type": "array" + }, + "remote_cluster": { + "items": { + "additionalProperties": false, + "properties": { + "clusters": { + "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "privileges": { + "items": { + "description": "The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.", + "type": "string" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "privileges", + "clusters" + ], + "type": "object" + }, + "type": "array" + }, + "remote_indices": { + "items": { + "additionalProperties": false, + "properties": { + "allow_restricted_indices": { + "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.", + "type": "boolean" + }, + "clusters": { + "items": { + "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "field_security": { + "additionalProperties": { + "items": { + "description": "The document fields that the role members have read access to.", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "names": { + "items": { + "description": "A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "privileges": { + "items": { + "description": "The index level privileges that role members have for the specified indices.", + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "query": { + "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ", + "type": "string" + } + }, + "required": [ + "clusters", + "names", + "privileges" + ], + "type": "object" + }, + "type": "array" + }, + "run_as": { + "items": { + "description": "A user name that the role member can impersonate.", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kibana": { + "items": { + "additionalProperties": false, + "properties": { + "base": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "items": { + "description": "A base privilege that grants applies to all spaces.", + "type": "string" + }, + "type": "array" + }, + { + "items": { + "description": "A base privilege that applies to specific spaces.", + "type": "string" + }, + "type": "array" + } + ] + }, + "feature": { + "additionalProperties": { + "items": { + "description": "The privileges that the role member has for the feature.", + "type": "string" + }, + "type": "array" + }, + "type": "object" + }, + "spaces": { + "anyOf": [ + { + "items": { + "enum": [ + "*" + ], + "type": "string" + }, + "maxItems": 1, + "minItems": 1, + "type": "array" + }, + { + "items": { + "description": "A space that the privilege applies to.", + "type": "string" + }, + "type": "array" + } + ], + "default": [ + "*" + ] + } + }, + "required": [ + "base" + ], + "type": "object" + }, + "type": "array" + }, + "metadata": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "elasticsearch" + ], + "type": "object" + }, + "type": "object" + } + }, + "required": [ + "roles" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Create or update roles", + "tags": [ + "roles" + ] + } + }, + "/api/spaces/space": { + "get": { + "operationId": "get-spaces-space", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "Specifies which authorization checks are applied to the API call. The default value is `any`.", + "in": "query", + "name": "purpose", + "required": false, + "schema": { + "enum": [ + "any", + "copySavedObjectsIntoSpace", + "shareSavedObjectsIntoSpace" + ], + "type": "string" + } + }, + { + "description": "When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter.", + "in": "query", + "name": "include_authorized_purposes", + "required": true, + "schema": { + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "object" + }, + { + "type": "string" + } + ], + "nullable": true, + "oneOf": [ + { + "enum": [ + false + ], + "type": "boolean", + "x-oas-optional": true + }, + { + "type": "boolean", + "x-oas-optional": true + } + ] + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Get all spaces", + "tags": [ + "spaces" + ] + }, + "post": { + "operationId": "post-spaces-space", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_reserved": { + "type": "boolean" + }, + "color": { + "description": "The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.", + "type": "string" + }, + "description": { + "description": "A description for the space.", + "type": "string" + }, + "disabledFeatures": { + "default": [], + "items": { + "description": "The list of features that are turned off in the space.", + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.", + "type": "string" + }, + "imageUrl": { + "description": "The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.", + "type": "string" + }, + "initials": { + "description": "One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.", + "maxLength": 2, + "type": "string" + }, + "name": { + "description": "The display name for the space. ", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Create a space", + "tags": [ + "spaces" + ] + } + }, + "/api/spaces/space/{id}": { + "delete": { + "description": "When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.", + "operationId": "delete-spaces-space-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The space identifier.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "404": { + "description": "Indicates that the request failed." + } + }, + "summary": "Delete a space", + "tags": [ + "spaces" + ] + }, + "get": { + "operationId": "get-spaces-space-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The space identifier.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Get a space", + "tags": [ + "spaces" + ] + }, + "put": { + "operationId": "put-spaces-space-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The space identifier. You are unable to change the ID with the update operation.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "_reserved": { + "type": "boolean" + }, + "color": { + "description": "The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.", + "type": "string" + }, + "description": { + "description": "A description for the space.", + "type": "string" + }, + "disabledFeatures": { + "default": [], + "items": { + "description": "The list of features that are turned off in the space.", + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.", + "type": "string" + }, + "imageUrl": { + "description": "The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.", + "type": "string" + }, + "initials": { + "description": "One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.", + "maxLength": 2, + "type": "string" + }, + "name": { + "description": "The display name for the space. ", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "id", + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "description": "Indicates a successful call." + } + }, + "summary": "Update a space", + "tags": [ + "spaces" + ] + } + }, + "/api/status": { + "get": { + "operationId": "get-status", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "Set to \"true\" to get the response in v7 format.", + "in": "query", + "name": "v7format", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "description": "Set to \"true\" to get the response in v8 format.", + "in": "query", + "name": "v8format", + "required": false, + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/core_status_response" + }, + { + "$ref": "#/components/schemas/core_status_redactedResponse" + } + ], + "description": "Kibana's operational status. A minimal response is sent for unauthorized users." + } + } + }, + "description": "Overall status is OK and Kibana should be functioning normally." + }, + "503": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/core_status_response" + }, + { + "$ref": "#/components/schemas/core_status_redactedResponse" + } + ], + "description": "Kibana's operational status. A minimal response is sent for unauthorized users." + } + } + }, + "description": "Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable." + } + }, + "summary": "Get Kibana's current status", + "tags": [ + "system" + ] + } + } + }, + "security": [ + { + "basicAuth": [] + } + ], + "servers": [ + { + "url": "http://localhost:5622" + } + ], + "tags": [ + { + "name": "alerting" + }, + { + "name": "connectors" + }, + { + "name": "Data streams" + }, + { + "name": "Elastic Agent actions" + }, + { + "name": "Elastic Agent binary download sources" + }, + { + "name": "Elastic Agent policies" + }, + { + "name": "Elastic Agent status" + }, + { + "name": "Elastic Agents" + }, + { + "name": "Elastic Package Manager (EPM)" + }, + { + "name": "Fleet enrollment API keys" + }, + { + "name": "Fleet internals" + }, + { + "name": "Fleet outputs" + }, + { + "name": "Fleet package policies" + }, + { + "name": "Fleet proxies" + }, + { + "name": "Fleet Server hosts" + }, + { + "name": "Fleet service tokens" + }, + { + "name": "Fleet uninstall tokens" + }, + { + "name": "Message Signing Service" + }, + { + "name": "roles" + }, + { + "name": "spaces" + }, + { + "name": "system" + } + ] +} \ No newline at end of file diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index d5dc0dd30e8b8..33fc4e7dca56a 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -61,1384 +61,3898 @@ info: version: 1.0.2 x-doc-license: name: Attribution-NonCommercial-NoDerivatives 4.0 International - url: 'https://creativecommons.org/licenses/by-nc-nd/4.0/' + url: https://creativecommons.org/licenses/by-nc-nd/4.0/ x-feedbackLink: label: Feedback url: >- https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ servers: - - url: 'http://{kibana_host}:{port}' + - url: http://{kibana_host}:{port} variables: kibana_host: default: localhost port: default: '5601' - - url: 'https://{kibana_url}' + - url: http://localhost:5622 + - url: https://{kibana_url} variables: kibana_url: - default: 'localhost:5601' + default: localhost:5601 - url: / - - url: 'http://KIBANA_HOST:5601' - description: local - url: 'http://localhost:5601' + url: http://localhost:5601 paths: - /api/apm/agent_keys: - post: - description: Create a new agent key for APM. - operationId: createAgentKey - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - privileges: - items: - enum: - - 'event:write' - - 'config_agent:read' - type: string - type: array - required: true + /api/actions/connector_types: + get: + description: You do not need any Kibana feature privileges to run this API. + operationId: get-actions-connector-types + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: >- + A filter to limit the retrieved connector types to those that + support a specific feature (such as alerting or cases). + in: query + name: feature_id + required: false + schema: + type: string + responses: {} + summary: Get connector types + tags: + - connectors + /api/actions/connector/{id}: + delete: + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: delete-actions-connector-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a connector + tags: + - connectors + get: + operationId: get-actions-connector-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - api_key: - type: string - encoded: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. type: string - expiration: - format: int64 - type: integer id: + description: The identifier for the connector. type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean name: + description: ' The name of the rule.' type: string - description: Agent key created successfully - summary: Create an APM agent key + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Get connector information tags: - - APM agent keys - '/api/apm/services/{serviceName}/annotation': + - connectors post: - description: Create a new annotation for a specific service. - operationId: createAnnotation + operationId: post-actions-connector-id parameters: - - description: The name of the service - in: path - name: serviceName + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: false schema: type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - '@timestamp': + config: + additionalProperties: {} + default: {} + type: object + connector_type_id: + description: The type of connector. type: string - message: + name: + description: The display name for the connector. type: string - service: + secrets: + additionalProperties: {} + default: {} type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array - required: true + required: + - name + - connector_type_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _id: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. type: string - _index: + id: + description: The identifier for the connector. type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Create a connector tags: - - APM annotations - '/api/apm/services/{serviceName}/annotation/search': - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation + - connectors + put: + operationId: put-actions-connector-id parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: The start date for the search - in: query - name: start - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: + example: 'true' type: string - - description: The end date for the search - in: query - name: end - required: false + - description: An identifier for the connector. + in: path + name: id + required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - annotations: - items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string - type: array - description: Successful response - summary: Search for annotations + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Update a connector tags: - - APM annotations - /api/asset_criticality: - delete: - description: Delete the asset criticality record for a specific asset if it exists. - operationId: DeleteAssetCriticalityRecord + - connectors + /api/actions/connector/{id}/_execute: + post: + description: >- + You can use this API to test an action that involves interaction with + Kibana services or integrations with third-party systems. + operationId: post-actions-connector-id-execute parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true schema: - enum: - - wait_for type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - description: >- - True if the record was deleted or false if the record did - not exist. - type: boolean - record: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: The deleted record if it existed. - required: - - deleted - description: Successful response - '400': - description: Invalid request - summary: Delete Criticality Record - tags: - - Security Entity Analytics API - get: - description: Get the criticality record for a specific asset. - operationId: GetAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - '404': - description: Criticality record not found - summary: Get Criticality Record - tags: - - Security Entity Analytics API - post: - description: Create or update a criticality record for a specific asset. - operationId: CreateAssetCriticalityRecord - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. - enum: - - wait_for - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - summary: Upsert Criticality Record - tags: - - Security Entity Analytics API - /api/asset_criticality/bulk: - post: - description: >- - Bulk upsert up to 1000 asset criticality records, creating or updating - them as needed. - operationId: BulkUpsertAssetCriticalityRecords requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 + additionalProperties: false type: object properties: - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - maxItems: 1000 - minItems: 1 - type: array + params: + additionalProperties: {} + type: object required: - - records + - params responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 + additionalProperties: false type: object properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem - type: array - stats: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string required: - - errors - - stats - description: Bulk upload successful - '413': - description: File too large - summary: Bulk Upsert Asset Criticality Records + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Run a connector tags: - - Security Entity Analytics API - /api/asset_criticality/list: + - connectors + /api/actions/connectors: get: - description: 'List asset criticality records, paging, sorting and filtering as needed.' - operationId: FindAssetCriticalityRecords + operationId: get-actions-connectors parameters: - - description: The field to sort by. - in: query - name: sort_field - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - id_value - - id_field - - criticality_level - - \@timestamp + - '2023-10-31' type: string - - description: The order to sort by. - in: query - name: sort_direction - required: false + responses: {} + summary: Get all connectors + tags: + - connectors + /api/alerting/rule/{id}: + delete: + operationId: delete-alerting-rule-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - asc - - desc + - '2023-10-31' type: string - - description: The page number to return. - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of records to return per page. - in: query - name: per_page - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - maximum: 1000 - minimum: 1 - type: integer - - description: The kuery to filter by. - in: query - name: kuery - required: false + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true schema: type: string responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Bulk upload successful - summary: List Asset Criticality Records + '204': + description: Indicates a successful call. + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + summary: Delete a rule tags: - - Security Entity Analytics API - /api/data_views: + - alerting get: - operationId: getAllDataViewsDefault + operationId: get-alerting-rule-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' schema: + additionalProperties: false type: object properties: - data_view: + actions: items: + additionalProperties: false type: object properties: - id: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. type: string - name: + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. type: string - namespaces: - items: - type: string - type: array - title: + id: + description: The identifier for the connector saved object. type: string - typeMeta: + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + flapping: + additionalProperties: false + nullable: true + type: object + properties: + look_back_window: + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + nullable: true + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision description: Indicates a successful call. '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views - tags: - - data views - /api/data_views/data_view: - post: - operationId: createDataViewDefaultw - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - '/api/data_views/data_view/{viewId}': - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view - tags: - - data views - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view - tags: - - data views - post: - operationId: updateDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view + description: Indicates a rule with the given ID does not exist. + summary: Get rule details tags: - - data views - '/api/data_views/data_view/{viewId}/fields': + - alerting post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault + operationId: post-alerting-rule-id parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: >- + The identifier for the rule. If it is omitted, an ID is randomly + generated. + in: path + name: id + required: false + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' schema: + additionalProperties: false type: object properties: - fields: - description: The field object. + actions: + default: [] + items: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Conditions that affect whether the action runs. If you + specify multiple conditions, all conditions must be + met for the action to run. For example, if an alert + occurs within the specified time frame and matches the + query, the action runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL) as defined in the + `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the days + of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + description: >- + Defines the range of time in a day that the + action can run. If the `start` value is + `00:00` and the `end` value is `24:00`, + actions be generated all day. + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work but + lack built-in daylight savings time support + and are not recommended. + type: string + required: + - days + - hours + - timezone + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. Valid + values include: `onActionGroupChange`: Actions run + when the alert status changes; `onActiveAlert`: + Actions run when the alert becomes active and at + each check interval while the rule conditions are + met; `onThrottleInterval`: Actions run when the + alert becomes active and at the interval specified + in the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` at + both the rule and action level. The recommended + method is to set it for each action. If you set it + at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific + values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often an + alert generates repeated actions. It is specified + in seconds, minutes, hours, or days and is + applicable only if `notify_when` is set to + `onThrottleInterval`. NOTE: You cannot specify the + throttle interval at both the rule and action + level. The recommended method is to set it for + each action. If you set it at the rule level then + update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + default: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. type: object - required: - - fields - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata - tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field': - post: - operationId: createRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, `infrastructure`, + `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, + `siem`, `stackAlerts`, or `uptime`. type: string - runtimeField: - description: | - The runtime field definition object. + enabled: + default: true + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + flapping: + additionalProperties: false + nullable: true type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - summary: Create a runtime field - tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: + properties: + look_back_window: + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold name: - description: | - The name for a runtime field. + description: >- + The name of the rule. While this name does not have to be + unique, a distinctive name can help you identify a rule. type: string - runtimeField: - description: | - The runtime field definition object. + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while the rule + conditions are met; `onThrottleInterval`: Actions run when + the alert becomes active and at the interval specified in + the throttle property while the rule conditions are met. + NOTE: You cannot specify `notify_when` at both the rule and + action level. The recommended method is to set it for each + action. If you set it at the rule level then update the rule + in Kibana, it is automatically changed to use + action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + default: {} + description: The parameters for the rule. type: object + rule_type_id: + description: The rule type identifier. + type: string + schedule: + additionalProperties: false + description: >- + The check interval, which specifies how frequently the rule + conditions are checked. + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, or + days. + type: string + required: + - interval + tags: + default: [] + description: The tags for the rule. + items: + type: string + type: array + throttle: + description: >- + Use the `throttle` property in the action `frequency` object + instead. The throttle interval, which defines how often an + alert generates repeated actions. NOTE: You cannot specify + the throttle interval at both the rule and action level. If + you set it at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific values. + nullable: true + type: string required: - name - - runtimeField - required: true + - rule_type_id + - consumer + - schedule responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data_view: - type: object - fields: + actions: items: + additionalProperties: false type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' - schema: - type: object - properties: - data_view: - type: object - fields: + active_snoozes: items: - type: object + description: List of active snoozes for the rule. + type: string type: array - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field - tags: - - data views - post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' - schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField - required: true - responses: - '200': - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field - tags: - - data views - /api/data_views/default: - get: - operationId: getDefaultDataViewDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response - schema: - type: object - properties: - data_view_id: + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + flapping: + additionalProperties: false + nullable: true + type: object + properties: + look_back_window: + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + nullable: true + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision description: Indicates a successful call. '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '409': + description: Indicates that the rule id is already in use. + summary: Create a rule tags: - - data views - post: - operationId: setDefaultDatailViewDefault + - alerting + put: + operationId: put-alerting-rule-id parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: + additionalProperties: false type: object properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. + actions: + default: [] + items: + additionalProperties: false + description: An action that runs under defined conditions. + type: object + properties: + alerts_filter: + additionalProperties: false + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query Domain + Specific Language (DSL) as defined in the + `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the days + of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + description: >- + Defines the range of time in a day that the + action can run. If the `start` value is + `00:00` and the `end` value is `24:00`, + actions be generated all day. + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work but + lack built-in daylight savings time support + and are not recommended. + type: string + required: + - days + - hours + - timezone + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. Valid + values include: `onActionGroupChange`: Actions run + when the alert status changes; `onActiveAlert`: + Actions run when the alert becomes active and at + each check interval while the rule conditions are + met; `onThrottleInterval`: Actions run when the + alert becomes active and at the interval specified + in the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` at + both the rule and action level. The recommended + method is to set it for each action. If you set it + at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific + values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often an + alert generates repeated actions. It is specified + in seconds, minutes, hours, or days and is + applicable only if `notify_when` is set to + `onThrottleInterval`. NOTE: You cannot specify the + throttle interval at both the rule and action + level. The recommended method is to set it for + each action. If you set it at the rule level then + update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + default: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: A universally unique identifier (UUID) for the action. + type: string + required: + - id + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + flapping: + additionalProperties: false + nullable: true + type: object + properties: + look_back_window: + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + name: + description: >- + The name of the rule. While this name does not have to be + unique, a distinctive name can help you identify a rule. + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while the rule + conditions are met; `onThrottleInterval`: Actions run when + the alert becomes active and at the interval specified in + the throttle property while the rule conditions are met. + NOTE: You cannot specify `notify_when` at both the rule and + action level. The recommended method is to set it for each + action. If you set it at the rule level then update the rule + in Kibana, it is automatically changed to use + action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + type: object + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, or + days. + type: string + required: + - interval + tags: + default: [] + items: + description: The tags for the rule. + type: string + type: array + throttle: + description: >- + Use the `throttle` property in the action `frequency` object + instead. The throttle interval, which defines how often an + alert generates repeated actions. NOTE: You cannot specify + the throttle interval at both the rule and action level. If + you set it at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific values. nullable: true type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean required: - - data_view_id - required: true + - name + - schedule responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view - tags: - - data views - /api/data_views/swap_references: - post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleteStatus: + actions: + items: + additionalProperties: false + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params + type: array + active_snoozes: + items: + description: List of active snoozes for the rule. + type: string + type: array + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. type: object properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + flapping: + additionalProperties: false + nullable: true + type: object + properties: + look_back_window: + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: + items: + description: 'List of identifiers of muted alerts. ' + type: string + type: array + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: items: + additionalProperties: false type: object properties: + duration: + description: Duration of the rule snooze schedule. + type: number id: - description: A saved object identifier. - type: string - type: - description: The saved object type. + description: Identifier of the rule snooze schedule. type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + nullable: true + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule + type: array + tags: + items: + description: The tags for the rule. + type: string type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string + required: + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision description: Indicates a successful call. - summary: Swap saved object references + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + '409': + description: Indicates that the rule has already been updated by another user. + summary: Update a rule tags: - - data views - /api/data_views/swap_references/_preview: + - alerting + /api/alerting/rule/{id}/_disable: post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault + operationId: post-alerting-rule-id-disable parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + additionalProperties: false + nullable: true + type: object + properties: + untrack: + description: Defines whether this rule's alerts should be untracked. + type: boolean + x-oas-optional: true responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + '204': description: Indicates a successful call. - summary: Preview a saved object reference swap + '400': + description: Indicates an invalid schema. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + summary: Disable a rule tags: - - data views - /api/detection_engine/privileges: - get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - - space and index privileges, which determine if the user can create an - - index for the Elastic Security alerts generated by - - detection engine rules. - operationId: ReadPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key - description: Successful response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Returns user privileges for the Kibana space - tags: - - Security Detections API - - Privileges API - /api/detection_engine/rules: - delete: - description: Delete a detection rule using the `rule_id` or `id` field. - operationId: DeleteRule + - alerting + /api/alerting/rule/{id}/_enable: + post: + operationId: post-alerting-rule-id-enable parameters: - - description: The rule's `id` value. - in: query - name: id - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + '204': description: Indicates a successful call. - summary: Delete a detection rule + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + summary: Enable a rule tags: - - Security Detections API - - Rules API - get: - description: Retrieve a detection rule using the `rule_id` or `id` field. - operationId: ReadRule + - alerting + /api/alerting/rule/{id}/_mute_all: + post: + operationId: post-alerting-rule-id-mute-all parameters: - - description: The rule's `id` value. - in: query - name: id - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. - in: query - name: rule_id - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + '204': description: Indicates a successful call. - summary: Retrieve a detection rule + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + summary: Mute all alerts tags: - - Security Detections API - - Rules API - patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. - operationId: PatchRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' - required: true + - alerting + /api/alerting/rule/{id}/_unmute_all: + post: + operationId: post-alerting-rule-id-unmute-all + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + '204': description: Indicates a successful call. - summary: Patch a detection rule + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + summary: Unmute all alerts tags: - - Security Detections API - - Rules API + - alerting + /api/alerting/rule/{id}/_update_api_key: post: - description: Create a new detection rule. - operationId: CreateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' - required: true + operationId: post-alerting-rule-id-update-api-key + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: id + required: true + schema: + type: string responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + '204': description: Indicates a successful call. - summary: Create a detection rule + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule with the given ID does not exist. + '409': + description: Indicates that the rule has already been updated by another user. + summary: Update the API key for a rule tags: - - Security Detections API - - Rules API - put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` or `rule_id` values. - operationId: UpdateRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' - required: true + - alerting + /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: + post: + operationId: post-alerting-rule-rule-id-alert-alert-id-mute + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: rule_id + required: true + schema: + type: string + - description: The identifier for the alert. + in: path + name: alert_id + required: true + schema: + type: string responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + '204': description: Indicates a successful call. - summary: Update a detection rule + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule or alert with the given ID does not exist. + summary: Mute an alert tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_bulk_action: + - alerting + /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. - operationId: PerformRulesBulkAction + operationId: post-alerting-rule-rule-id-alert-alert-id-unmute parameters: - - description: Enables dry run mode for the request call. + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The identifier for the rule. + in: path + name: rule_id + required: true + schema: + type: string + - description: The identifier for the alert. + in: path + name: alert_id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + '404': + description: Indicates a rule or alert with the given ID does not exist. + summary: Unmute an alert + tags: + - alerting + /api/alerting/rules/_find: + get: + operationId: get-alerting-rules-find + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The number of rules to return per page. in: query - name: dry_run + name: per_page required: false schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDisableRules - - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Detections_API_BulkManualRuleRun - - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Detections_API_BulkExportActionResponse - description: OK - summary: Apply a bulk action to detection rules - tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_export: - post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - - - Actions - - - Exception lists - - > info - - > You cannot export prebuilt rules. - operationId: ExportRules - parameters: - - description: Determines whether a summary of the exported rules is returned. + default: 10 + minimum: 0 + type: number + - description: The page number to return. in: query - name: exclude_export_details + name: page required: false schema: - default: false - type: boolean - - description: File name for saving the exported rules. + default: 1 + minimum: 1 + type: number + - description: >- + An Elasticsearch simple_query_string query that filters the objects + in the response. in: query - name: file_name + name: search required: false schema: - default: export.ndjson type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - nullable: true - type: object - properties: - objects: - description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. - items: - type: object - properties: - rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId - required: - - rule_id - type: array - required: - - objects - required: false - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: An `.ndjson` file containing the returned rules. - format: binary - type: string - description: Indicates a successful call. - summary: Export detection rules - tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/_find: - get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. - operationId: FindRules - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query + - description: The default operator to use for the simple_query_string. in: query - name: filter + name: default_search_operator required: false schema: + default: OR + enum: + - OR + - AND type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' - - description: Sort order + - description: The fields to perform the simple_query_string parsed query against. in: query - name: sort_order + name: search_fields required: false schema: - $ref: '#/components/schemas/Security_Detections_API_SortOrder' - - description: Page number + anyOf: + - items: + type: string + type: array + - type: string + - description: >- + Determines which field is used to sort the results. The field must + exist in the `attributes` key of the response. in: query - name: page + name: sort_field required: false schema: - default: 1 - minimum: 1 - type: integer - - description: Rules per page + type: string + - description: Determines the sort order. in: query - name: per_page + name: sort_order required: false schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RuleResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - summary: List all detection rules - tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_import: - post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - - - The `Content-Type: multipart/form-data` HTTP header. - - - A link to the `.ndjson` file containing the rules. - operationId: ImportRules - parameters: + enum: + - asc + - desc + type: string - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. + Filters the rules that have a relation with the reference objects + with a specific type and identifier. in: query - name: overwrite + name: has_reference required: false schema: - default: false - type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. - in: query - name: overwrite_exceptions + additionalProperties: false + nullable: true + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + - in: query + name: fields required: false schema: - default: false - type: boolean + items: + description: The fields to return in the `attributes` key of the response. + type: string + type: array - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. + A KQL string that you filter with an attribute from your saved + object. It should look like `savedObjectType.attributes.title: + "myTitle"`. However, if you used a direct attribute of a saved + object, such as `updatedAt`, you must define your filter, for + example, `savedObjectType.updatedAt > 2018-12-22`. in: query - name: overwrite_action_connectors + name: filter required: false schema: - default: false - type: boolean - - description: Generates a new list ID for each imported exception list. - in: query - name: as_new_list + type: string + - in: query + name: filter_consumers required: false schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: The `.ndjson` file containing the rules. - format: binary - type: string - required: true + items: + description: List of consumers to filter. + type: string + type: array responses: '200': content: @@ -1447,188 +3961,851 @@ paths: additionalProperties: false type: object properties: - action_connectors_errors: + actions: items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + additionalProperties: false + type: object + properties: + alerts_filter: + additionalProperties: false + description: >- + Defines a period that limits whether the action + runs. + type: object + properties: + query: + additionalProperties: false + type: object + properties: + dsl: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL). + type: string + filters: + description: >- + A filter written in Elasticsearch Query + Domain Specific Language (DSL) as defined in + the `kbn-es-query` package. + items: + additionalProperties: false + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: >- + A filter can be either specific to an + application context or applied globally. + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: {} + type: object + query: + additionalProperties: {} + type: object + required: + - meta + type: array + kql: + description: >- + A filter written in Kibana Query Language + (KQL). + type: string + required: + - kql + - filters + timeframe: + additionalProperties: false + type: object + properties: + days: + description: >- + Defines the days of the week that the action + can run, represented as an array of numbers. + For example, `1` represents Monday. An empty + array is equivalent to specifying all the + days of the week. + items: + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + type: integer + type: array + hours: + additionalProperties: false + type: object + properties: + end: + description: >- + The end of the time frame in 24-hour + notation (`hh:mm`). + type: string + start: + description: >- + The start of the time frame in 24-hour + notation (`hh:mm`). + type: string + required: + - start + - end + timezone: + description: >- + The ISO time zone for the `hours` values. + Values such as `UTC` and `UTC+1` also work + but lack built-in daylight savings time + support and are not recommended. + type: string + required: + - days + - hours + - timezone + connector_type_id: + description: >- + The type of connector. This property appears in + responses but cannot be set in requests. + type: string + frequency: + additionalProperties: false + type: object + properties: + notify_when: + description: >- + Indicates how often alerts generate actions. + Valid values include: `onActionGroupChange`: + Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert + becomes active and at each check interval while + the rule conditions are met; + `onThrottleInterval`: Actions run when the alert + becomes active and at the interval specified in + the throttle property while the rule conditions + are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The + recommended method is to set it for each action. + If you set it at the rule level then update the + rule in Kibana, it is automatically changed to + use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + summary: + description: Indicates whether the action is a summary. + type: boolean + throttle: + description: >- + The throttle interval, which defines how often + an alert generates repeated actions. It is + specified in seconds, minutes, hours, or days + and is applicable only if 'notify_when' is set + to 'onThrottleInterval'. NOTE: You cannot + specify the throttle interval at both the rule + and action level. The recommended method is to + set it for each action. If you set it at the + rule level then update the rule in Kibana, it is + automatically changed to use action-specific + values. + nullable: true + type: string + required: + - summary + - notify_when + - throttle + group: + description: >- + The group name, which affects when the action runs + (for example, when the threshold is met or when the + alert is recovered). Each rule type has a list of + valid action group names. If you don't need to group + actions, set to `default`. + type: string + id: + description: The identifier for the connector saved object. + type: string + params: + additionalProperties: {} + description: >- + The parameters for the action, which are sent to the + connector. The `params` are handled as Mustache + templates and passed a default set of context. + type: object + use_alert_data_for_template: + description: Indicates whether to use alert data as a template. + type: boolean + uuid: + description: >- + A universally unique identifier (UUID) for the + action. + type: string + required: + - id + - connector_type_id + - params type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: + active_snoozes: items: - $ref: >- - #/components/schemas/Security_Detections_API_WarningSchema + description: List of active snoozes for the rule. + type: string type: array - errors: + alert_delay: + additionalProperties: false + description: >- + Indicates that an alert occurs only when the specified + number of consecutive runs met the rule conditions. + type: object + properties: + active: + description: >- + The number of consecutive runs that must meet the rule + conditions. + type: number + required: + - active + api_key_created_by_user: + description: >- + Indicates whether the API key that is associated with the + rule was created by the user. + nullable: true + type: boolean + api_key_owner: + description: >- + The owner of the API key that is associated with the rule + and used to run background tasks. + nullable: true + type: string + consumer: + description: >- + The name of the application or feature that owns the rule. + For example: `alerts`, `apm`, `discover`, + `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, + `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + type: string + created_at: + description: The date and time that the rule was created. + type: string + created_by: + description: The identifier for the user that created the rule. + nullable: true + type: string + enabled: + description: >- + Indicates whether you want to run the rule on an interval + basis after it is created. + type: boolean + execution_status: + additionalProperties: false + type: object + properties: + error: + additionalProperties: false + type: object + properties: + message: + description: Error message. + type: string + reason: + description: Reason for error. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + type: string + required: + - reason + - message + last_duration: + description: Duration of last execution of the rule. + type: number + last_execution_date: + description: The date and time when rule was executed last. + type: string + status: + description: Status of rule execution. + enum: + - ok + - active + - error + - warning + - pending + - unknown + type: string + warning: + additionalProperties: false + type: object + properties: + message: + description: Warning message. + type: string + reason: + description: Reason for warning. + enum: + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + type: string + required: + - reason + - message + required: + - status + - last_execution_date + flapping: + additionalProperties: false + nullable: true + type: object + properties: + look_back_window: + maximum: 20 + minimum: 2 + type: number + status_change_threshold: + maximum: 20 + minimum: 2 + type: number + required: + - look_back_window + - status_change_threshold + id: + description: The identifier for the rule. + type: string + is_snoozed_until: + description: The date when the rule will no longer be snoozed. + nullable: true + type: string + last_run: + additionalProperties: false + nullable: true + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: Number of ignored alerts during last run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: Number of recovered alerts during last run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could be + succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: Outcome message generated during last rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count + mapped_params: + additionalProperties: {} + type: object + monitoring: + additionalProperties: false + description: Monitoring details of the rule. + type: object + properties: + run: + additionalProperties: false + description: Rule run details. + type: object + properties: + calculated_metrics: + additionalProperties: false + description: >- + Calculation of different percentiles and success + ratio. + type: object + properties: + p50: + type: number + p95: + type: number + p99: + type: number + success_ratio: + type: number + required: + - success_ratio + history: + description: History of the rule run. + items: + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule run. + type: number + outcome: + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + success: + description: >- + Indicates whether the rule run was + successful. + type: boolean + timestamp: + description: Time of rule run. + type: number + required: + - success + - timestamp + type: array + last_run: + additionalProperties: false + type: object + properties: + metrics: + additionalProperties: false + type: object + properties: + duration: + description: Duration of most recent rule run. + type: number + gap_duration_s: + description: Duration in seconds of rule run gap. + nullable: true + type: number + total_alerts_created: + description: >- + Total number of alerts created during last + rule run. + nullable: true + type: number + total_alerts_detected: + description: >- + Total number of alerts detected during + last rule run. + nullable: true + type: number + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during + last rule run in milliseconds. + nullable: true + type: number + total_search_duration_ms: + description: >- + Total time spent performing Elasticsearch + searches as measured by Kibana; includes + network latency and time spent serializing + or deserializing the request and response. + nullable: true + type: number + timestamp: + description: Time of the most recent rule run. + type: string + required: + - timestamp + - metrics + required: + - history + - calculated_metrics + - last_run + required: + - run + mute_all: + description: Indicates whether all alerts are muted. + type: boolean + muted_alert_ids: items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + description: 'List of identifiers of muted alerts. ' + type: string type: array - exceptions_errors: + name: + description: ' The name of the rule.' + type: string + next_run: + description: Date and time of the next run of the rule. + nullable: true + type: string + notify_when: + description: >- + Indicates how often alerts generate actions. Valid values + include: `onActionGroupChange`: Actions run when the alert + status changes; `onActiveAlert`: Actions run when the + alert becomes active and at each check interval while the + rule conditions are met; `onThrottleInterval`: Actions run + when the alert becomes active and at the interval + specified in the throttle property while the rule + conditions are met. NOTE: You cannot specify `notify_when` + at both the rule and action level. The recommended method + is to set it for each action. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + nullable: true + type: string + params: + additionalProperties: {} + description: The parameters for the rule. + type: object + revision: + description: The rule revision number. + type: number + rule_type_id: + description: The rule type identifier. + type: string + running: + description: Indicates whether the rule is running. + nullable: true + type: boolean + schedule: + additionalProperties: false + type: object + properties: + interval: + description: >- + The interval is specified in seconds, minutes, hours, + or days. + type: string + required: + - interval + scheduled_task_id: + description: Identifier of the scheduled task. + type: string + snooze_schedule: items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + additionalProperties: false + type: object + properties: + duration: + description: Duration of the rule snooze schedule. + type: number + id: + description: Identifier of the rule snooze schedule. + type: string + rRule: + additionalProperties: false + type: object + properties: + byhour: + items: + description: Indicates hours of the day to recur. + type: number + nullable: true + type: array + byminute: + items: + description: Indicates minutes of the hour to recur. + type: number + nullable: true + type: array + bymonth: + items: + description: >- + Indicates months of the year that this rule + should recur. + type: number + nullable: true + type: array + bymonthday: + items: + description: Indicates the days of the month to recur. + type: number + nullable: true + type: array + bysecond: + items: + description: Indicates seconds of the day to recur. + type: number + nullable: true + type: array + bysetpos: + items: + description: >- + A positive or negative integer affecting the + nth day of the month. For example, -2 combined + with `byweekday` of FR is 2nd to last Friday + of the month. It is recommended to not set + this manually and just use `byweekday`. + type: number + nullable: true + type: array + byweekday: + items: + anyOf: + - type: string + - type: number + description: >- + Indicates the days of the week to recur or + else nth-day-of-month strings. For example, + "+2TU" second Tuesday of month, "-1FR" last + Friday of the month, which are internally + converted to a `byweekday/bysetpos` + combination. + nullable: true + type: array + byweekno: + items: + description: Indicates number of the week hours to recur. + type: number + nullable: true + type: array + byyearday: + items: + description: >- + Indicates the days of the year that this rule + should recur. + type: number + nullable: true + type: array + count: + description: >- + Number of times the rule should recur until it + stops. + type: number + dtstart: + description: >- + Rule start date in Coordinated Universal Time + (UTC). + type: string + freq: + description: >- + Indicates frequency of the rule. Options are + YEARLY, MONTHLY, WEEKLY, DAILY. + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + type: integer + interval: + description: >- + Indicates the interval of frequency. For + example, 1 and YEARLY is every 1 year, 2 and + WEEKLY is every 2 weeks. + type: number + tzid: + description: Indicates timezone abbreviation. + type: string + until: + description: Recur the rule until this date. + type: string + wkst: + description: Indicates the start of week, defaults to Monday. + enum: + - MO + - TU + - WE + - TH + - FR + - SA + - SU + type: string + required: + - dtstart + - tzid + skipRecurrences: + items: + description: Skips recurrence of rule on this date. + type: string + type: array + required: + - duration + - rRule type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer - success: - type: boolean - success_count: - minimum: 0 - type: integer + tags: + items: + description: The tags for the rule. + type: string + type: array + throttle: + deprecated: true + description: >- + Deprecated in 8.13.0. Use the `throttle` property in the + action `frequency` object instead. The throttle interval, + which defines how often an alert generates repeated + actions. NOTE: You cannot specify the throttle interval at + both the rule and action level. If you set it at the rule + level then update the rule in Kibana, it is automatically + changed to use action-specific values. + nullable: true + type: string + updated_at: + description: The date and time that the rule was updated most recently. + type: string + updated_by: + description: >- + The identifier for the user that updated this rule most + recently. + nullable: true + type: string + view_in_app_relative_url: + description: Relative URL to view rule in the app. + nullable: true + type: string required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count + - id + - enabled + - name + - tags + - rule_type_id + - consumer + - schedule + - actions + - params + - created_by + - updated_by + - created_at + - updated_at + - api_key_owner + - mute_all + - muted_alert_ids + - execution_status + - revision description: Indicates a successful call. - summary: Import detection rules + '400': + description: Indicates an invalid schema or parameters. + '403': + description: Indicates that this call is forbidden. + summary: Get information about rules tags: - - Security Detections API - - Import/Export API - '/api/detection_engine/rules/{id}/exceptions': + - alerting + /api/apm/agent_keys: post: - operationId: CreateRuleExceptionListItems - parameters: - - description: Detection rule's identifier - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Exceptions_API_RuleId' + description: Create a new agent key for APM. + operationId: createAgentKey requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - items: + name: + type: string + privileges: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps + enum: + - event:write + - config_agent:read + type: string type: array - required: - - items - description: Rule exception list items required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Creates rule exception list items + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + description: Agent key created successfully + summary: Create an APM agent key tags: - - Security Exceptions API - /api/detection_engine/rules/preview: + - APM agent keys + /api/apm/services/{serviceName}/annotation: post: - operationId: RulePreview + description: Create a new annotation for a specific service. + operationId: createAnnotation parameters: - - description: >- - Enables logging and returning in response ES queries, performed - during rule execution - in: query - name: enable_logged_requests - required: false + - description: The name of the service + in: path + name: serviceName + required: true schema: - type: boolean + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - discriminator: - propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + type: object + properties: + '@timestamp': + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + version: + type: string + tags: + items: + type: string + type: array required: true responses: '200': @@ -1637,1676 +4814,1914 @@ paths: schema: type: object properties: - isAborted: - type: boolean - logs: + _id: + type: string + _index: + type: string + _source: + type: object + properties: + '@timestamp': + type: string + annotation: + type: string + event: + type: object + properties: + created: + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + tags: + items: + type: string + type: array + description: Annotation created successfully + summary: Create a service annotation + tags: + - APM annotations + /api/apm/services/{serviceName}/annotation/search: + get: + description: Search for annotations related to a specific service. + operationId: getAnnotation + parameters: + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + - description: The environment to filter annotations by + in: query + name: environment + required: false + schema: + type: string + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + annotations: items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLogs + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string type: array - previewId: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString - required: - - logs description: Successful response - '400': + summary: Search for annotations + tags: + - APM annotations + /api/asset_criticality: + delete: + description: Delete the asset criticality record for a specific entity. + operationId: DeleteAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + - description: If 'wait_for' the request will wait for the index refresh. + in: query + name: refresh + required: false + schema: + enum: + - wait_for + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + type: object + properties: + deleted: + description: >- + True if the record was deleted or false if the record did + not exist. + type: boolean + record: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: The deleted record if it existed. + required: + - deleted + description: Successful response + '400': + description: Invalid request + summary: Delete an asset criticality record + tags: + - Security Entity Analytics API + get: + description: Get the asset criticality record for a specific entity. + operationId: GetAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Preview rule alerts generated on specified time range + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + '404': + description: Criticality record not found + summary: Get an asset criticality record tags: - - Security Detections API - - Rule preview API - /api/detection_engine/signals/assignees: + - Security Entity Analytics API post: - description: | - Assign users to detection alerts, and unassign them from alerts. - > info - > You cannot add and remove the same assignee in the same request. - operationId: SetAlertAssignees + description: > + Create or update an asset criticality record for a specific entity. + + + If a record already exists for the specified entity, that record is + overwritten with the specified value. If a record doesn't exist for the + specified entity, a new record is created. + operationId: CreateAssetCriticalityRecord requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - assignees: - $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' - description: Details about the assignees to assign and unassign. - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. - required: - - assignees - - ids + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - type: object + properties: + refresh: + description: >- + If 'wait_for' the request will wait for the index + refresh. + enum: + - wait_for + type: string required: true responses: '200': - description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response '400': - description: Invalid request. - summary: Assign and unassign users from detection alerts + description: Invalid request + summary: Upsert an asset criticality record tags: - - Security Detections API - /api/detection_engine/signals/search: + - Security Entity Analytics API + /api/asset_criticality/bulk: post: - description: Find and/or aggregate detection alerts that match the given query. - operationId: SearchAlerts + description: > + Bulk upsert up to 1000 asset criticality records. + + + If asset criticality records already exist for the specified entities, + those records are overwritten with the specified values. If asset + criticality records don't exist for the specified entities, new records + are created. + operationId: BulkUpsertAssetCriticalityRecords requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: Elasticsearch query and aggregation request + example: + records: + - criticality_level: low_impact + id_field: host.name + id_value: host-1 + - criticality_level: medium_impact + id_field: host.name + id_value: host-2 type: object properties: - _source: - oneOf: - - type: boolean - - type: string - - items: - type: string - type: array - aggs: - additionalProperties: true - type: object - fields: + records: items: - type: string + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + maxItems: 1000 + minItems: 1 type: array - query: - additionalProperties: true - type: object - runtime_mappings: - additionalProperties: true - type: object - size: - minimum: 0 - type: integer - sort: - $ref: '#/components/schemas/Security_Detections_API_AlertsSort' - track_total_hits: - type: boolean - description: Search and/or aggregation query - required: true + required: + - records responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch search response + example: + errors: + - index: 0 + message: Invalid ID field + stats: + failed: 1 + successful: 1 + total: 2 type: object - description: Successful response - '400': + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + type: array + stats: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + required: + - errors + - stats + description: Bulk upload successful + '413': + description: File too large + summary: Bulk upsert asset criticality records + tags: + - Security Entity Analytics API + /api/asset_criticality/list: + get: + description: List asset criticality records, paging, sorting and filtering as needed. + operationId: FindAssetCriticalityRecords + parameters: + - description: The field to sort by. + in: query + name: sort_field + required: false + schema: + enum: + - id_value + - id_field + - criticality_level + - \@timestamp + type: string + - description: The order to sort by. + in: query + name: sort_direction + required: false + schema: + enum: + - asc + - desc + type: string + - description: The page number to return. + in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - description: The number of records to return per page. + in: query + name: per_page + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: The kuery to filter by. + in: query + name: kuery + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + type: object + properties: + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + description: Bulk upload successful + summary: List asset criticality records + tags: + - Security Entity Analytics API + /api/data_views: + get: + operationId: getAllDataViewsDefault + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + type: object + properties: + data_view: + items: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + type: object + type: array + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Find and/or aggregate detection alerts + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/status: + - data views + /api/data_views/data_view: post: - description: Set the status of one or more detection alerts. - operationId: SetAlertsStatus + operationId: createDataViewDefaultw + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts + $ref: '#/components/schemas/Data_views_create_data_view_request_object' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create a data view + tags: + - data views + /api/data_views/data_view/{viewId}: + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. + operationId: deleteDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '204': + description: Indicates a successful call. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view + tags: + - data views + get: + operationId: getDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Set a detection alert status + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/tags: + - data views post: - description: | - And tags to detection alerts, and remove them from alerts. - > info - > You cannot add and remove the same alert tag in the same request. - operationId: SetAlertTags + operationId: updateDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' schema: - type: object - properties: - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - tags: - $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' - required: - - ids - - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + $ref: '#/components/schemas/Data_views_update_data_view_request_object' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a data view + tags: + - data views + /api/data_views/data_view/{viewId}/fields: + post: + description: > + Update fields presentation metadata such as count, customLabel, + customDescription, and format. + operationId: updateFieldsMetadataDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' + schema: + type: object + properties: + fields: + description: The field object. + type: object + required: + - fields + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Add and remove detection alert tags + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update data view fields metadata tags: - - Security Detections API - - Alerts API - /api/detection_engine/tags: - get: - description: List all unique tags from all detection rules. - operationId: ReadTags + - data views + /api/data_views/data_view/{viewId}/runtime_field: + post: + operationId: createRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - description: Indicates a successful call - summary: List all detection rule tags + type: object + description: Indicates a successful call. + summary: Create a runtime field tags: - - Security Detections API - - Tags API - /api/endpoint_list: - post: - description: Creates an endpoint list or does nothing if the list already exists - operationId: CreateEndpointList + - data views + put: + operationId: createUpdateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. + in: path + name: viewId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList - description: Successful response + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create or update a runtime field + tags: + - data views + /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: + delete: + operationId: deleteRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Creates an endpoint list + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a runtime field from a data view tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items: - delete: - operationId: DeleteEndpointListItem + - data views + get: + operationId: getRuntimeFieldDefault parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Deletes an endpoint list item + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field tags: - - Security Endpoint Exceptions API - get: - operationId: ReadEndpointListItem + - data views + post: + operationId: updateRuntimeFieldDefault parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' + schema: + type: object + properties: + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField + required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array - description: Successful response + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a runtime field + tags: + - data views + /api/data_views/default: + get: + operationId: getDefaultDataViewDefault + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': + type: object + properties: + data_view_id: + type: string + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Reads an endpoint list item + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get the default data view tags: - - Security Endpoint Exceptions API + - data views post: - operationId: CreateEndpointListItem + operationId: setDefaultDatailViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: type: object properties: - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + data_view_id: + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean required: - - type - - name - - description - - entries - description: Exception list item's properties + - data_view_id required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item already exists - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Creates an endpoint list item + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Set the default data view tags: - - Security Endpoint Exceptions API - put: - operationId: UpdateEndpointListItem + - data views + /api/data_views/swap_references: + post: + description: > + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. + operationId: swapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + type: object + properties: + deleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Swap saved object references + tags: + - data views + /api/data_views/swap_references/_preview: + post: + description: > + Preview the impact of swapping saved object references from one data + view identifier to another. + operationId: previewSwapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + previewSwapDataViewRequest: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': + #/components/examples/Data_views_preview_swap_data_view_request + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': + type: object + properties: + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Preview a saved object reference swap + tags: + - data views + /api/detection_engine/privileges: + get: + description: > + Retrieves whether or not the user is authenticated, and the user's + Kibana + + space and index privileges, which determine if the user can create an + + index for the Elastic Security alerts generated by + + detection engine rules. + operationId: ReadPrivileges + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': + type: object + properties: + has_encryption_key: + type: boolean + is_authenticated: + type: boolean + required: + - is_authenticated + - has_encryption_key + description: Successful response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Updates an endpoint list item + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Returns user privileges for the Kibana space tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items/_find: - get: - operationId: FindEndpointListItems + - Security Detections API + - Privileges API + /api/detection_engine/rules: + delete: + description: Delete a detection rule using the `rule_id` or `id` field. + operationId: DeleteRule parameters: - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. + - description: The rule's `id` value. in: query - name: filter + name: id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter - - description: The page number to return + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. in: query - name: page + name: rule_id required: false schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Delete a detection rule + tags: + - Security Detections API + - Rules API + get: + description: Retrieve a detection rule using the `rule_id` or `id` field. + operationId: ReadRule + parameters: + - description: The rule's `id` value. in: query - name: per_page + name: id required: false schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - - description: 'Determines the sort order, which can be `desc` or `asc`' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. in: query - name: sort_order + name: rule_id required: false schema: - enum: - - desc - - asc - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Finds endpoint list items + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Retrieve a detection rule tags: - - Security Endpoint Exceptions API - /api/endpoint/action: - get: - description: Get a list of all response actions. - operationId: EndpointGetActionsList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery + - Security Detections API + - Rules API + patch: + description: >- + Update specific fields of an existing detection rule using the `rule_id` + or `id` field. + operationId: PatchRule + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get response actions + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Patch a detection rule tags: - - Security Endpoint Management API - '/api/endpoint/action_log/{agent_id}': - get: - deprecated: true - description: Get an action request log for the specified agent ID. - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery + - Security Detections API + - Rules API + post: + description: Create a new detection rule. + operationId: CreateRule + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an action request log + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Create a detection rule tags: - - Security Endpoint Management API - /api/endpoint/action_status: - get: - description: Get the status of response actions for the specified agent IDs. - operationId: EndpointGetActionsStatus - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agent_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' + - Security Detections API + - Rules API + put: + description: > + Update a detection rule using the `rule_id` or `id` field. The original + rule is replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` or `rule_id` values. + operationId: UpdateRule + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse - description: OK - summary: Get response actions status + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Update a detection rule tags: - - Security Endpoint Management API - '/api/endpoint/action/{action_id}': - get: - description: Get the details of a response action using the action ID. - operationId: EndpointGetActionsDetails + - Security Detections API + - Rules API + /api/detection_engine/rules/_bulk_action: + post: + description: >- + Apply a bulk action, such as bulk edit, duplicate, or delete, to + multiple detection rules. The bulk action is applied to all rules that + match the query or to the rules listed by their IDs. + operationId: PerformRulesBulkAction parameters: - - in: path - name: action_id - required: true + - description: Enables dry run mode for the request call. + in: query + name: dry_run + required: false schema: - type: string + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDuplicateRules + - $ref: >- + #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionResponse + - $ref: >- + #/components/schemas/Security_Detections_API_BulkExportActionResponse description: OK - summary: Get action details + summary: Apply a bulk action to detection rules tags: - - Security Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}': - get: - description: Get information for the specified file using the file ID. - operationId: EndpointFileInfo + - Security Detections API + - Bulk API + /api/detection_engine/rules/_export: + post: + description: > + Export detection rules to an `.ndjson` file. The following configuration + items are also included in the `.ndjson` file: + + - Actions + + - Exception lists + + > info + + > You cannot export prebuilt rules. + operationId: ExportRules parameters: - - in: path - name: action_id - required: true + - description: Determines whether a summary of the exported rules is returned. + in: query + name: exclude_export_details + required: false schema: - type: string - - in: path - name: file_id - required: true + default: false + type: boolean + - description: File name for saving the exported rules. + in: query + name: file_name + required: false schema: + default: export.ndjson type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + nullable: true + type: object + properties: + objects: + description: >- + Array of `rule_id` fields. Exports all rules when + unspecified. + items: + type: object + properties: + rule_id: + $ref: >- + #/components/schemas/Security_Detections_API_RuleSignatureId + required: + - rule_id + type: array + required: + - objects + required: false responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get file information + description: An `.ndjson` file containing the returned rules. + format: binary + type: string + description: Indicates a successful call. + summary: Export detection rules tags: - - Security Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}/download': + - Security Detections API + - Import/Export API + /api/detection_engine/rules/_find: get: - description: Download a file from an endpoint. - operationId: EndpointFileDownload + description: >- + Retrieve a paginated list of detection rules. By default, the first page + is returned, with 20 results per page. + operationId: FindRules parameters: - - in: path - name: action_id - required: true + - in: query + name: fields + required: false schema: - type: string - - in: path - name: file_id - required: true + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false schema: type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Rules per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Download a file + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RuleResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + summary: List all detection rules tags: - - Security Endpoint Management API - /api/endpoint/action/execute: + - Security Detections API + - Rules API + /api/detection_engine/rules/_import: post: - description: Run a shell command on an endpoint. - operationId: EndpointExecuteAction + description: > + Import detection rules from an `.ndjson` file, including actions and + exception lists. The request must include: + + - The `Content-Type: multipart/form-data` HTTP header. + + - A link to the `.ndjson` file containing the rules. + operationId: ImportRules + parameters: + - description: >- + Determines whether existing rules with the same `rule_id` are + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing exception lists with the same `list_id` + are overwritten. + in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing actions with the same + `kibana.alert.rule.actions.id` are overwritten. + in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: Generates a new list ID for each imported exception list. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + type: object + properties: + file: + description: The `.ndjson` file containing the rules. + format: binary + type: string required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Run a command + additionalProperties: false + type: object + properties: + action_connectors_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + action_connectors_success: + type: boolean + action_connectors_success_count: + minimum: 0 + type: integer + action_connectors_warnings: + items: + $ref: >- + #/components/schemas/Security_Detections_API_WarningSchema + type: array + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_success: + type: boolean + exceptions_success_count: + minimum: 0 + type: integer + rules_count: + minimum: 0 + type: integer + success: + type: boolean + success_count: + minimum: 0 + type: integer + required: + - exceptions_success + - exceptions_success_count + - exceptions_errors + - rules_count + - success + - success_count + - errors + - action_connectors_errors + - action_connectors_warnings + - action_connectors_success + - action_connectors_success_count + description: Indicates a successful call. + summary: Import detection rules tags: - - Security Endpoint Management API - /api/endpoint/action/get_file: + - Security Detections API + - Import/Export API + /api/detection_engine/rules/{id}/exceptions: post: - description: Get a file from an endpoint. - operationId: EndpointGetFileAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a file - tags: - - Security Endpoint Management API - /api/endpoint/action/isolate: - post: - description: >- - Isolate an endpoint from the network. The endpoint remains isolated - until it's released. - operationId: EndpointIsolateAction + description: Create exception items that apply to a single detection rule. + operationId: CreateRuleExceptionListItems + parameters: + - description: Detection rule's identifier + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody + type: object + properties: + items: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps + type: array + required: + - items + description: Rule exception list items required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Isolate an endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/kill_process: - post: - description: Terminate a running process on an endpoint. - operationId: EndpointKillProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody - required: true - responses: - '200': + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Terminate a process - tags: - - Security Endpoint Management API - /api/endpoint/action/running_procs: - post: - description: Get a list of all processes running on an endpoint. - operationId: EndpointGetProcessesAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get running processes - tags: - - Security Endpoint Management API - /api/endpoint/action/scan: - post: - description: Scan a specific file or directory on an endpoint for malware. - operationId: EndpointScanAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody - required: true - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Scan a file or directory - tags: - - Security Endpoint Management API - /api/endpoint/action/state: - get: - description: >- - Get a response actions state, which reports whether encryption is - enabled. - operationId: EndpointGetActionsState - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse - description: OK - summary: Get actions state + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create rule exception list items tags: - - Security Endpoint Management API - /api/endpoint/action/suspend_process: + - Security Exceptions API + /api/detection_engine/rules/preview: post: - description: Suspend a running process on an endpoint. - operationId: EndpointSuspendProcessAction + operationId: RulePreview + parameters: + - description: >- + Enables logging and returning in response ES queries, performed + during rule execution + in: query + name: enable_logged_requests + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody + anyOf: + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EsqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + discriminator: + propertyName: type + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied required: true responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + isAborted: + type: boolean + logs: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewLogs + type: array + previewId: + $ref: >- + #/components/schemas/Security_Detections_API_NonEmptyString + required: + - logs + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Suspend a process + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Preview rule alerts generated on specified time range tags: - - Security Endpoint Management API - /api/endpoint/action/unisolate: + - Security Detections API + - Rule preview API + /api/detection_engine/signals/assignees: post: - description: 'Release an isolated endpoint, allowing it to rejoin a network.' - operationId: EndpointUnisolateAction + description: | + Assign users to detection alerts, and unassign them from alerts. + > info + > You cannot add and remove the same assignee in the same request. + operationId: SetAlertAssignees requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Release an isolated endpoint + type: object + properties: + assignees: + $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' + description: Details about the assignees to assign and unassign. + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + description: List of alerts ids to assign and unassign passed assignees. + required: + - assignees + - ids + required: true + responses: + '200': + description: Indicates a successful call. + '400': + description: Invalid request. + summary: Assign and unassign users from detection alerts tags: - - Security Endpoint Management API - /api/endpoint/action/upload: + - Security Detections API + /api/detection_engine/signals/search: post: - description: Upload a file to an endpoint. - operationId: EndpointUploadAction + description: Find and/or aggregate detection alerts that match the given query. + operationId: SearchAlerts requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + description: Elasticsearch query and aggregation request + type: object + properties: + _source: + oneOf: + - type: boolean + - type: string + - items: + type: string + type: array + aggs: + additionalProperties: true + type: object + fields: + items: + type: string + type: array + query: + additionalProperties: true + type: object + runtime_mappings: + additionalProperties: true + type: object + size: + minimum: 0 + type: integer + sort: + $ref: '#/components/schemas/Security_Detections_API_AlertsSort' + track_total_hits: + type: boolean + description: Search and/or aggregation query required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Upload a file - tags: - - Security Endpoint Management API - /api/endpoint/metadata: - get: - operationId: GetEndpointMetadataList - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery - responses: - '200': + additionalProperties: true + description: Elasticsearch search response + type: object + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a metadata list - tags: - - Security Endpoint Management API - '/api/endpoint/metadata/{id}': - get: - operationId: GetEndpointMetadata - parameters: - - in: path - name: id - required: true - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata - tags: - - Security Endpoint Management API - /api/endpoint/metadata/transforms: - get: - deprecated: true - operationId: GetEndpointMetadataTransform - responses: - '200': + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata transforms + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Find and/or aggregate detection alerts tags: - - Security Endpoint Management API - /api/endpoint/policy_response: - get: - operationId: GetPolicyResponse - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agentId: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + - Security Detections API + - Alerts API + /api/detection_engine/signals/status: + post: + description: Set the status of one or more detection alerts. + operationId: SetAlertsStatus + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByIds + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery + description: >- + An object containing desired status and explicit alert ids or a query + to select alerts + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a policy response - tags: - - Security Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': + additionalProperties: true + description: Elasticsearch update by query response + type: object + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an agent policy summary - tags: - - Security Endpoint Management API - '/api/endpoint/protection_updates_note/{package_policy_id}': - get: - operationId: GetProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Get a protection updates note + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Set a detection alert status tags: - - Security Endpoint Management API + - Security Detections API + - Alerts API + /api/detection_engine/signals/tags: post: - operationId: CreateUpdateProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string + description: | + And tags to detection alerts, and remove them from alerts. + > info + > You cannot add and remove the same alert tag in the same request. + operationId: SetAlertTags requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - note: - type: string + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + tags: + $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' + required: + - ids + - tags + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Create or update a protection updates note + additionalProperties: true + description: Elasticsearch update by query response + type: object + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Add and remove detection alert tags tags: - - Security Endpoint Management API - '/api/endpoint/suggestions/{suggestion_type}': - post: - deprecated: true - operationId: GetEndpointSuggestions - parameters: - - in: path - name: suggestion_type - required: true - schema: - enum: - - eventFilters - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true + - Security Detections API + - Alerts API + /api/detection_engine/tags: + get: + description: List all unique tags from all detection rules. + operationId: ReadTags responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get suggestions + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + description: Indicates a successful call + summary: List all detection rule tags tags: - - Security Endpoint Management API - /api/entity_store/engines: - get: - operationId: ListEntityEngines + - Security Detections API + - Tags API + /api/endpoint_list: + post: + description: >- + Create an endpoint exception list, which groups endpoint exception list + items. If an endpoint exception list already exists, an empty response + is returned. + operationId: CreateEndpointList responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - count: - type: integer - engines: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - type: array + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList description: Successful response - summary: List the Entity Engines + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Create an endpoint exception list tags: - - Security Entity Analytics API - '/api/entity_store/engines/{entityType}': + - Security Endpoint Exceptions API + /api/endpoint_list/items: delete: - operationId: DeleteEntityEngine + description: >- + Delete an endpoint exception list item using the `id` or `item_id` + field. + operationId: DeleteEndpointListItem parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - - description: Control flag to also delete the entity data. + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified in: query - name: data + name: item_id required: false schema: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - deleted: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response - summary: Delete the Entity Engine - tags: - - Security Entity Analytics API - get: - operationId: GetEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Get an Entity Engine - tags: - - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/init': - post: - operationId: InitEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - description: Schema for the engine initialization - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Initialize an Entity Engine - tags: - - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/start': - post: - operationId: StartEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - started: - type: boolean - description: Successful response - summary: Start an Entity Engine - tags: - - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/stats': - post: - operationId: GetEntityEngineStats - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - indices: - items: - type: object - type: array - status: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineStatus - transforms: - items: - type: object - type: array - type: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityType - description: Successful response - summary: Get Entity Engine stats - tags: - - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/stop': - post: - operationId: StopEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - stopped: - type: boolean - description: Successful response - summary: Stop an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/apply_dataview_indices: - post: - operationId: ApplyEntityEngineDataviewIndices - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Successful response - '207': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - items: - type: string - type: array - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Partial successful response + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Error response - summary: Apply DataView indices to all installed engines + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Delete an endpoint exception list item tags: - - Security Entity Analytics API - /api/entity_store/entities/list: + - Security Endpoint Exceptions API get: - description: 'List entities records, paging, sorting and filtering as needed.' - operationId: ListEntities - parameters: - - in: query - name: sort_field - required: false - schema: - type: string - - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - in: query - name: per_page - required: false - schema: - maximum: 10000 - minimum: 1 - type: integer - - description: An ES query to filter by. - in: query - name: filterQuery - required: false - schema: - type: string - - in: query - name: entities_types - required: true - schema: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - inspect: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_InspectQuery - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_Entity - type: array - total: - minimum: 0 - type: integer - required: - - records - - page - - per_page - - total - description: Entities returned successfully - summary: List Entity Store Entities - tags: - - Security Entity Analytics API - /api/exception_lists: - delete: - operationId: DeleteExceptionList + description: >- + Get the details of an endpoint exception list item using the `id` or + `item_id` field. + operationId: ReadEndpointListItem parameters: - - description: Either `id` or `list_id` must be specified + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type + name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: array description: Successful response '400': content: @@ -3314,157 +6729,96 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes an exception list + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Get an endpoint exception list item tags: - - Security Exceptions API - get: - operationId: ReadExceptionList - parameters: - - description: Either `id` or `list_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Retrieves an exception list using its `id` or `list_id` field - tags: - - Security Exceptions API + - Security Endpoint Exceptions API post: - operationId: CreateExceptionList + description: >- + Create an endpoint exception list item, and associate it with the + endpoint exception list. + operationId: CreateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] description: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - list_id: + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId meta: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName os_types: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] tags: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags default: [] type: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion - default: 1 + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: + - type - name - description - - type - description: Exception list's properties + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: @@ -3472,41 +6826,46 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item already exists '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Creates an exception list + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Create an endpoint exception list item tags: - - Security Exceptions API + - Security Endpoint Exceptions API put: - operationId: UpdateExceptionList + description: >- + Update an endpoint exception list item using the `id` or `item_id` + field. + operationId: UpdateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -3515,49 +6874,54 @@ paths: properties: _version: type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] description: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - list_id: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified meta: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName os_types: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags type: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: + - type - name - description - - type - description: Exception list's properties + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: @@ -3565,73 +6929,115 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Updates an exception list + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Update an endpoint exception list item tags: - - Security Exceptions API - /api/exception_lists/_duplicate: - post: - operationId: DuplicateExceptionList + - Security Endpoint Exceptions API + /api/endpoint_list/items/_find: + get: + description: Get a list of all endpoint exception list items. + operationId: FindEndpointListItems parameters: - - description: Exception list's human identifier + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. in: query - name: list_id - required: true + name: filter + required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: true + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false schema: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + - description: Determines the sort order, which can be `desc` or `asc` in: query - name: include_expired_exceptions - required: true + name: sort_order + required: false schema: - default: 'true' enum: - - 'true' - - 'false' + - desc + - asc type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total description: Successful response '400': content: @@ -3639,796 +7045,883 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '405': + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list to duplicate not found response + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Duplicates an exception list + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Get endpoint exception list items tags: - - Security Exceptions API - /api/exception_lists/_export: - post: - description: Exports an exception list and its associated items to an .ndjson file - operationId: ExportExceptionList + - Security Endpoint Exceptions API + /api/endpoint/action: + get: + description: Get a list of all response actions. + operationId: EndpointGetActionsList parameters: - - description: Exception list's identifier - in: query - name: id + - in: query + name: query required: true schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - in: query - name: list_id + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get response actions + tags: + - Security Endpoint Management API + /api/endpoint/action_log/{agent_id}: + get: + deprecated: true + description: Get an action request log for the specified agent ID. + operationId: EndpointGetActionLog + parameters: + - in: path + name: agent_id required: true schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - in: query - name: namespace_type + name: query required: true schema: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list - in: query - name: include_expired_exceptions - required: true - schema: - default: 'true' - enum: - - 'true' - - 'false' - type: string + #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery responses: '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: >- - A `.ndjson` file containing specified exception list and its - items - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get an action request log + tags: + - Security Endpoint Management API + /api/endpoint/action_status: + get: + description: Get the status of response actions for the specified agent IDs. + operationId: EndpointGetActionsStatus + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + agent_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': + #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse + description: OK + summary: Get response actions status + tags: + - Security Endpoint Management API + /api/endpoint/action/{action_id}: + get: + description: Get the details of a response action using the action ID. + operationId: EndpointGetActionsDetails + parameters: + - in: path + name: action_id + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get action details + tags: + - Security Endpoint Management API + /api/endpoint/action/{action_id}/file/{file_id}: + get: + description: Get information for the specified file using the file ID. + operationId: EndpointFileInfo + parameters: + - in: path + name: action_id + required: true + schema: + type: string + - in: path + name: file_id + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Exports an exception list + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get file information tags: - - Security Exceptions API - /api/exception_lists/_find: + - Security Endpoint Management API + /api/endpoint/action/{action_id}/file/{file_id}/download: get: - operationId: FindExceptionLists + description: Download a file from an endpoint. + operationId: EndpointFileDownload parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: - - - - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of exception lists to return per page - in: query - name: per_page - required: false - schema: - minimum: 1 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false + - in: path + name: action_id + required: true schema: type: string - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false + - in: path + name: file_id + required: true schema: - enum: - - desc - - asc type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionList - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Download a file + tags: + - Security Endpoint Management API + /api/endpoint/action/execute: + post: + description: Run a shell command on an endpoint. + operationId: EndpointExecuteAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Run a command + tags: + - Security Endpoint Management API + /api/endpoint/action/get_file: + post: + description: Get a file from an endpoint. + operationId: EndpointGetFileAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get a file + tags: + - Security Endpoint Management API + /api/endpoint/action/isolate: + post: + description: >- + Isolate an endpoint from the network. The endpoint remains isolated + until it's released. + operationId: EndpointIsolateAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Finds exception lists + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Isolate an endpoint tags: - - Security Exceptions API - /api/exception_lists/_import: + - Security Endpoint Management API + /api/endpoint/action/kill_process: post: - description: Imports an exception list and associated items - operationId: ImportExceptionList - parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. - in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false - type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - - list and its items are overwritten. - in: query - name: as_new_list - required: false - schema: - default: false - type: boolean + description: Terminate a running process on an endpoint. + operationId: EndpointKillProcessAction requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - format: binary - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - errors: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items - description: Successful response - '400': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Terminate a process + tags: + - Security Endpoint Management API + /api/endpoint/action/running_procs: + post: + description: Get a list of all processes running on an endpoint. + operationId: EndpointGetProcessesAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get running processes + tags: + - Security Endpoint Management API + /api/endpoint/action/scan: + post: + description: Scan a specific file or directory on an endpoint for malware. + operationId: EndpointScanAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Scan a file or directory + tags: + - Security Endpoint Management API + /api/endpoint/action/state: + get: + description: >- + Get a response actions state, which reports whether encryption is + enabled. + operationId: EndpointGetActionsState + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': + #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse + description: OK + summary: Get actions state + tags: + - Security Endpoint Management API + /api/endpoint/action/suspend_process: + post: + description: Suspend a running process on an endpoint. + operationId: EndpointSuspendProcessAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Imports an exception list + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Suspend a process tags: - - Security Exceptions API - /api/exception_lists/items: - delete: - operationId: DeleteExceptionListItem - parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + - Security Endpoint Management API + /api/endpoint/action/unisolate: + post: + description: Release an isolated endpoint, allowing it to rejoin a network. + operationId: EndpointUnisolateAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody + required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Release an isolated endpoint + tags: + - Security Endpoint Management API + /api/endpoint/action/upload: + post: + description: Upload a file to an endpoint. + operationId: EndpointUploadAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes an exception list item + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Upload a file tags: - - Security Exceptions API + - Security Endpoint Management API + /api/endpoint/metadata: get: - operationId: ReadExceptionListItem + operationId: GetEndpointMetadataList parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query - name: namespace_type - required: false + name: query + required: true schema: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get a metadata list + tags: + - Security Endpoint Management API + /api/endpoint/metadata/{id}: + get: + operationId: GetEndpointMetadata + parameters: + - in: path + name: id + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get metadata + tags: + - Security Endpoint Management API + /api/endpoint/metadata/transforms: + get: + deprecated: true + operationId: GetEndpointMetadataTransform + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get metadata transforms + tags: + - Security Endpoint Management API + /api/endpoint/policy_response: + get: + operationId: GetPolicyResponse + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + agentId: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get a policy response + tags: + - Security Endpoint Management API + /api/endpoint/policy/summaries: + get: + deprecated: true + operationId: GetAgentPolicySummary + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + package_name: + type: string + policy_id: + nullable: true + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get an agent policy summary + tags: + - Security Endpoint Management API + /api/endpoint/protection_updates_note/{package_policy_id}: + get: + operationId: GetProtectionUpdatesNote + parameters: + - in: path + name: package_policy_id + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Gets an exception list item + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + description: OK + summary: Get a protection updates note tags: - - Security Exceptions API + - Security Endpoint Management API post: - operationId: CreateExceptionListItem + operationId: CreateUpdateProtectionUpdatesNote + parameters: + - in: path + name: package_policy_id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time + note: type: string - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType - required: - - list_id - - type - - name - - description - - entries - description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + description: OK + summary: Create or update a protection updates note + tags: + - Security Endpoint Management API + /api/endpoint/suggestions/{suggestion_type}: + post: + deprecated: true + operationId: GetEndpointSuggestions + parameters: + - in: path + name: suggestion_type + required: true + schema: + enum: + - eventFilters + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + field: + type: string + fieldMeta: {} + filters: {} + query: + type: string + required: + - parameters + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get suggestions + tags: + - Security Endpoint Management API + /api/entity_store/engines: + get: + operationId: ListEntityEngines + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': + type: object + properties: + count: + type: integer + engines: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + type: array + description: Successful response + summary: List the Entity Engines + tags: + - Security Entity Analytics API + /api/entity_store/engines/{entityType}: + delete: + operationId: DeleteEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + - description: Control flag to also delete the entity data. + in: query + name: data + required: false + schema: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item already exists response - '500': + type: object + properties: + deleted: + type: boolean + description: Successful response + summary: Delete the Entity Engine + tags: + - Security Entity Analytics API + get: + operationId: GetEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Creates an exception list item + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + description: Successful response + summary: Get an Entity Engine tags: - - Security Exceptions API - put: - operationId: UpdateExceptionListItem + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/init: + post: + operationId: InitEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time + fieldHistoryLength: + default: 10 + description: The number of historical values to keep for each field. + type: integer + filter: type: string - id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - type: + indexPattern: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + description: Schema for the engine initialization required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + summary: Initialize an Entity Engine + tags: + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/start: + post: + operationId: StartEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + type: object + properties: + started: + type: boolean + description: Successful response + summary: Start an Entity Engine + tags: + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/stats: + post: + operationId: GetEntityEngineStats + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': + type: object + properties: + indexPattern: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + indices: + items: + type: object + type: array + status: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineStatus + transforms: + items: + type: object + type: array + type: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityType + description: Successful response + summary: Get Entity Engine stats + tags: + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/stop: + post: + operationId: StopEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response + type: object + properties: + stopped: + type: boolean + description: Successful response + summary: Stop an Entity Engine + tags: + - Security Entity Analytics API + /api/entity_store/engines/apply_dataview_indices: + post: + operationId: ApplyEntityEngineDataviewIndices + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + result: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + type: array + success: + type: boolean + description: Successful response + '207': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + errors: + items: + type: string + type: array + result: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + type: array + success: + type: boolean + description: Partial successful response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Updates an exception list item + type: object + properties: + body: + type: string + statusCode: + type: number + description: Error response + summary: Apply DataView indices to all installed engines tags: - - Security Exceptions API - /api/exception_lists/items/_find: + - Security Entity Analytics API + /api/entity_store/entities/list: get: - operationId: FindExceptionListItems + description: List entities records, paging, sorting and filtering as needed. + operationId: ListEntities parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - type: array - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter - type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type + - in: query + name: sort_field required: false schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array + type: string - in: query - name: search + name: sort_order required: false schema: + enum: + - asc + - desc type: string - - description: The page number to return - in: query + - in: query name: page required: false schema: - minimum: 0 + minimum: 1 type: integer - - description: The number of exception list items to return per page - in: query + - in: query name: per_page required: false schema: - minimum: 0 + maximum: 10000 + minimum: 1 type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' + - description: An ES query to filter by. in: query - name: sort_order + name: filterQuery required: false schema: - enum: - - desc - - asc type: string + - in: query + name: entities_types + required: true + schema: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array responses: '200': content: @@ -4436,27 +7929,63 @@ paths: schema: type: object properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array + inspect: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_InspectQuery page: minimum: 1 type: integer per_page: + maximum: 1000 minimum: 1 type: integer - pit: - type: string + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_Entity + type: array total: minimum: 0 type: integer required: - - data + - records - page - per_page - total + description: Entities returned successfully + summary: List Entity Store Entities + tags: + - Security Entity Analytics API + /api/exception_lists: + delete: + description: Delete an exception list using the `id` or `list_id` field. + operationId: DeleteExceptionList + parameters: + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: @@ -4494,20 +8023,20 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Finds exception list items + summary: Delete an exception list tags: - Security Exceptions API - /api/exception_lists/summary: get: - operationId: ReadExceptionListSummary + description: Get the details of an exception list using the `id` or `list_id` field. + operationId: ReadExceptionList parameters: - - description: Exception list's identifier generated upon creation + - description: Either `id` or `list_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier + - description: Either `id` or `list_id` must be specified in: query name: list_id required: false @@ -4520,31 +8049,12 @@ paths: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single - - description: Search filter clause - in: query - name: filter - required: false - schema: - type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: @@ -4575,19 +8085,31 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response + description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Retrieves an exception list summary + summary: Get exception list details tags: - Security Exceptions API - /api/exceptions/shared: post: - operationId: CreateSharedExceptionList + description: > + An exception list groups exception items and can be associated with + detection rules. You can assign detection rules with multiple exception + lists. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. + operationId: CreateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -4597,12 +8119,38 @@ paths: description: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionListDescription + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion + default: 1 required: - name - description + - type + description: Exception list's properties required: true responses: '200': @@ -4647,595 +8195,330 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Creates a shared exception list + summary: Create an exception list tags: - Security Exceptions API - /api/fleet/agent_download_sources: - get: - operationId: get-download-sources - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_download_sources' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent binary download sources - tags: - - Elastic Agent binary download sources - post: - operationId: post-download-sources + put: + description: Update an exception list using the `id` or `list_id` field. + operationId: UpdateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - host: + _version: type: string + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription id: - type: string - is_default: - type: boolean + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: - type: string + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion required: - name - - host - - is_default + - description + - type + description: Exception list's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent binary download source - tags: - - Elastic Agent binary download sources - '/api/fleet/agent_download_sources/{sourceId}': - delete: - operationId: delete-download-source - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent binary download source by ID - tags: - - Elastic Agent binary download sources - get: - operationId: get-one-download-source - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent binary download source by ID - tags: - - Elastic Agent binary download sources - parameters: - - in: path - name: sourceId - required: true - schema: - type: string - put: - operationId: update-download-source - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - type: string - is_default: - type: boolean - name: - type: string - required: - - name - - is_default - - host - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent binary download source by ID + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: - get: - description: '' - operationId: agent-policy-list + - Security Exceptions API + /api/exception_lists/_duplicate: + post: + description: Duplicate an existing exception list. + operationId: DuplicateExceptionList parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' - - description: >- - When set to true, retrieve the related package policies for each - agent policy. + - description: Exception list's human identifier in: query - name: full + name: list_id + required: true schema: - type: boolean + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - description: >- - When set to true, do not count how many agents are in the agent - policy, this can improve performance if you are searching over a - large number of agent policies. The "agents" property will always be - 0 if set to true. + Determines whether to include expired exceptions in the exported + list in: query - name: noAgentCount + name: include_expired_exceptions + required: true schema: - type: boolean + default: 'true' + enum: + - 'true' + - 'false' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent policies - tags: - - Elastic Agent policies - post: - operationId: create-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_policy_create_request' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - operationId: bulk-get-agent-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of agent policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get agent policies - tags: - - Elastic Agent policies - '/api/fleet/agent_policies/{agentPolicyId}': - get: - description: Get one agent policy - operationId: agent-policy-info - parameters: [] - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' - put: - operationId: update-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_policy_update_request' - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '405': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent policy by ID + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list to duplicate not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Duplicate an exception list tags: - - Elastic Agent policies - '/api/fleet/agent_policies/{agentPolicyId}/copy': - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' + - Security Exceptions API + /api/exception_lists/_export: post: - operationId: agent-policy-copy + description: Export an exception list and its associated items to an NDJSON file. + operationId: ExportExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - type: string - name: - type: string - required: - - name - description: '' + - description: Exception list's identifier + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human identifier + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions + required: true + schema: + default: 'true' + enum: + - 'true' + - 'false' + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK + description: >- + A `.ndjson` file containing specified exception list and its + items + format: binary + type: string + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Copy agent policy by ID - tags: - - Elastic Agent policies - '/api/fleet/agent_policies/{agentPolicyId}/download': - get: - operationId: agent-policy-download - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Download agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - '/api/fleet/agent_policies/{agentPolicyId}/full': - get: - operationId: agent-policy-full - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - oneOf: - - type: string - - $ref: '#/components/schemas/Fleet_agent_policy_full' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /api/fleet/agent_policies/delete: - parameters: [] - post: - operationId: delete-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agentPolicyId: - type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean - required: - - agentPolicyId - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - success: - type: boolean - required: - - id - - success - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent policy by ID - tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - operationId: get-agent-status - parameters: - - in: query - name: policyId - required: false - schema: - type: string - - deprecated: true - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - active: - type: integer - all: - type: integer - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - deprecated: true - type: integer - unenrolled: - type: integer - updating: - type: integer - required: - - active - - all - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - operationId: get-agent-data - parameters: - - in: query - name: agentsIds - required: true - schema: - items: - type: string - type: array - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - additionalProperties: - type: object - properties: - data: - type: boolean - type: object - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get incoming agent data + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Export an exception list tags: - - Elastic Agent status - /api/fleet/agent-status: + - Security Exceptions API + /api/exception_lists/_find: get: - deprecated: true - operationId: get-agent-status-deprecated + description: Get a list of all exception lists. + operationId: FindExceptionLists parameters: - - in: query - name: policyId + - description: > + Filters the returned results according to the value of the specified + field. + + + Uses the `so type.field name:field` value syntax, where `so type` + can be: + + + - `exception-list`: Specify a space-aware exception list. + + - `exception-list-agnostic`: Specify an exception list that is + shared across spaces. + in: query + name: filter + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type required: false schema: + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - description: The number of exception lists to return per page + in: query + name: per_page + required: false + schema: + minimum: 1 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + type: string + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc type: string responses: '200': @@ -5244,100 +8527,113 @@ paths: schema: type: object properties: - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: + data: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionList + type: array + page: + minimum: 1 type: integer - other: + per_page: + minimum: 1 type: integer total: - type: integer - updating: + minimum: 0 type: integer required: - - error - - events - - inactive - - offline - - online - - other + - data + - page + - per_page - total - - updating - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /api/fleet/agents: - get: - operationId: get-agents - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_show_inactive' - - $ref: '#/components/parameters/Fleet_show_upgradeable' - - $ref: '#/components/parameters/Fleet_sort_field' - - $ref: '#/components/parameters/Fleet_sort_order' - - $ref: '#/components/parameters/Fleet_with_metrics' - - in: query - name: getStatusSummary - required: false - schema: - type: boolean - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agents_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception lists tags: - - Elastic Agents + - Security Exceptions API + /api/exception_lists/_import: post: - operationId: get-agents-by-actions + description: Import an exception list and its associated items from an NDJSON file. + operationId: ImportExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: > + Determines whether existing exception lists with the same `list_id` + are overwritten. + + If any exception items have the same `item_id`, those are also + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: > + Determines whether the list being imported will have a new `list_id` + generated. + + Additional `item_id`'s are generated for each exception item. Both + the exception + + list and its items are overwritten. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: type: object properties: - actionIds: - items: - type: string - type: array - required: - - policy_id + file: + description: A `.ndjson` file containing the exception list + format: binary + type: string required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_get_by_actions' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents by action ids - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}': - delete: - operationId: delete-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: @@ -5345,974 +8641,503 @@ paths: schema: type: object properties: - action: - enum: - - deleted - type: string + errors: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray + success: + type: boolean + success_count: + minimum: 0 + type: integer + success_count_exception_list_items: + minimum: 0 + type: integer + success_count_exception_lists: + minimum: 0 + type: integer + success_exception_list_items: + type: boolean + success_exception_lists: + type: boolean required: - - action - description: OK + - errors + - success + - success_count + - success_exception_lists + - success_count_exception_lists + - success_exception_list_items + - success_count_exception_list_items + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent by ID - tags: - - Elastic Agents - get: - operationId: get-agent - parameters: - - $ref: '#/components/parameters/Fleet_with_metrics' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent by ID - tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - put: - operationId: update-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - tags: - items: - type: string - type: array - user_provided_metadata: - type: object - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent by ID - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/actions': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: new-agent-action - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - $ref: '#/components/schemas/Fleet_agent_action' - required: true - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - items: - type: number - type: array - headers: - type: string - statusCode: - type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent action - tags: - - Elastic Agent actions - '/api/fleet/agents/{agentId}/reassign': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: reassign-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Import an exception list tags: - - Elastic Agents - put: - deprecated: true - operationId: reassign-agent-deprecated + - Security Exceptions API + /api/exception_lists/items: + delete: + description: Delete an exception list item using the `id` or `item_id` field. + operationId: DeleteExceptionListItem parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/request_diagnostics': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: request-diagnostics-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Request agent diagnostics - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/unenroll': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: unenroll-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: OK - '400': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: number - description: BAD REQUEST - summary: Unenroll agent - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/upgrade': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: upgrade-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - required: true - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade agent - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/uploads': - get: - operationId: list-agent-uploads - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - item: - items: - $ref: '#/components/schemas/Fleet_agent_diagnostics' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent uploads + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Delete an exception list item tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - /api/fleet/agents/action_status: + - Security Exceptions API get: - operationId: agents-action-status + description: >- + Get the details of an exception list item using the `id` or `item_id` + field. + operationId: ReadExceptionListItem parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query - name: errorSize + name: namespace_type + required: false schema: - default: 5 - type: integer + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - latestErrors: - description: >- - latest errors that happened when the agents executed - the action - items: - type: object - properties: - agentId: - type: string - error: - type: string - timestamp: - type: string - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: string - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - POLICY_REASSIGN - - UPGRADE - - UNENROLL - - FORCE_UNENROLL - - UPDATE_TAGS - - CANCEL - - REQUEST_DIAGNOSTICS - - SETTINGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - complete - - nbAgentsActioned - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - status - - creationTime - - type - type: array - required: - - items - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent action status - tags: - - Elastic Agent actions - '/api/fleet/agents/actions/{actionId}/cancel': - parameters: - - in: path - name: actionId - required: true - schema: - type: string - post: - operationId: agent-action-cancel - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_action' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Cancel agent action - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_reassign: - post: - operationId: bulk-reassign-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - policy_id: policy_id - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - policy_id: - description: new agent policy id - type: string - required: - - policy_id - - agents - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk reassign agents + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list item tags: - - Elastic Agents - /api/fleet/agents/bulk_request_diagnostics: + - Security Exceptions API post: - operationId: bulk-request-diagnostics - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: > + Create an exception item and associate it with the specified exception + list. + + > info + + > Before creating exception items, you must create an exception list. + operationId: CreateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' schema: type: object properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk request diagnostics from agents - tags: - - Elastic Agents - /api/fleet/agents/bulk_unenroll: - post: - operationId: bulk-unenroll-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - force: false - revoke: true - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - - agents + - list_id + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk unenroll agents - tags: - - Elastic Agents - /api/fleet/agents/bulk_update_agent_tags: - post: - operationId: bulk-update-agent-tags - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - tagsToAdd: - - newTag - tagsToRemove: - - existingTag - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk update agent tags - tags: - - Elastic Agents - /api/fleet/agents/bulk_upgrade: - post: - operationId: bulk-upgrade-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - rollout_duration_seconds: 3600 - source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' - start_time: '2022-08-03T14:00:00.000Z' - version: 8.4.0 - schema: - $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk upgrade agents - tags: - - Elastic Agents - '/api/fleet/agents/files/{fileId}': - delete: - operationId: delete-agent-upload-file - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - deleted: - type: boolean - id: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete file uploaded by agent - tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - '/api/fleet/agents/files/{fileId}/{fileName}': - get: - operationId: get-agent-upload-file - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - items: - type: object - properties: - body: {} - headers: {} - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get file uploaded by agent - tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - /api/fleet/agents/setup: - get: - operationId: get-agents-setup-status - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item already exists response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_status_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent setup info + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create an exception list item tags: - - Elastic Agents - post: - operationId: setup-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Exceptions API + put: + description: Update an exception list item using the `id` or `item_id` field. + operationId: UpdateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - admin_password: + _version: type: string - admin_username: + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time type: string + id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - - admin_username - - admin_password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Initiate agent setup - tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - operationId: get-agent-tags + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agent_tags_response' - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent tags - tags: - - Elastic Agents - /api/fleet/data_streams: - get: - operationId: data-streams-list - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data_streams: - items: - $ref: '#/components/schemas/Fleet_data_stream' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List data streams - tags: - - Data streams - parameters: [] - /api/fleet/enrollment_api_keys: - get: - operationId: get-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys - tags: - - Fleet enrollment API keys - post: - operationId: create-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - description: The name of the enrollment API key. Must be unique. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - policy_id - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - '/api/fleet/enrollment_api_keys/{keyId}': - delete: - operationId: delete-enrollment-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Revoke enrollment API key by ID by marking it as inactive - tags: - - Fleet enrollment API keys - get: - operationId: get-enrollment-api-key - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list item tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/enrollment-api-keys: + - Security Exceptions API + /api/exception_lists/items/_find: get: - deprecated: true - operationId: get-enrollment-api-keys-deprecated - parameters: [] + description: Get a list of all exception list items in the specified list. + operationId: FindExceptionListItems + parameters: + - description: List's id + in: query + name: list_id + required: true + schema: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + type: array + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. + in: query + name: filter + required: false + schema: + default: [] + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter + type: array + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type + required: false + schema: + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - in: query + name: search + required: false + schema: + type: string + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string responses: '200': content: @@ -6320,84 +9145,97 @@ paths: schema: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true + data: items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem type: array page: - type: number - perPage: - type: number + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string total: - type: number + minimum: 0 + type: integer required: - - items + - data - page - - perPage + - per_page - total - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys - tags: - - Fleet enrollment API keys - post: - deprecated: true - operationId: create-enrollment-api-keys-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - '/api/fleet/enrollment-api-keys/{keyId}': - delete: - deprecated: true - operationId: delete-enrollment-api-key-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list items tags: - - Fleet enrollment API keys + - Security Exceptions API + /api/exception_lists/summary: get: - deprecated: true - operationId: get-enrollment-api-key-deprecated + description: Get a summary of the specified exception list. + operationId: ReadExceptionListSummary + parameters: + - description: Exception list's identifier generated upon creation + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human readable identifier + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + - description: Search filter clause + in: query + name: filter + required: false + schema: + type: string responses: '200': content: @@ -6405,1347 +9243,4951 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list summary tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/epm/bulk_assets: + - Security Exceptions API + /api/exceptions/shared: post: - operationId: bulk-get-assets + description: > + An exception list groups exception items and can be associated with + detection rules. A shared exception list can apply to multiple detection + rules. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. + operationId: CreateSharedExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - assetIds: - description: list of items necessary to fetch assets - items: - type: object - properties: - id: - type: string - type: - type: string - type: array + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName required: - - assetIds + - name + - description + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_bulk_assets_response' - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get assets - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - operationId: get-package-categories - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_categories_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package categories + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create a shared exception list tags: - - Elastic Package Manager (EPM) - parameters: - - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: include_policy_templates - schema: - default: false - type: boolean - /api/fleet/epm/packages: + - Security Exceptions API + /api/fleet/agent_download_sources: get: - operationId: list-all-packages + description: List agent binary download sources + operationId: get-fleet-agent-download-sources parameters: - - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. - in: query - name: excludeInstallStatus - schema: - default: false - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: category + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_packages_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List packages - tags: - - Elastic Package Manager (EPM) - post: - description: '' - operationId: install-package-by-upload - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + additionalProperties: false type: object properties: - _meta: - type: object - properties: - install_source: - enum: - - upload - - registry - - bundled - type: string items: items: + additionalProperties: false type: object properties: + host: + format: uri + type: string id: type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string required: - id - - type + - name + - host type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items - description: OK + - total + - page + - perPage '400': - $ref: '#/components/responses/Fleet_error' - '429': - $ref: '#/components/responses/Fleet_error' - summary: Install by package by direct upload + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: + - Elastic Agent binary download sources post: - operationId: bulk-install-packages + description: Create agent binary download source + operationId: post-fleet-agent-download-sources parameters: - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease + - description: The version of the API to use + in: header + name: elastic-api-version schema: - default: false - type: boolean + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - force: - description: force install to ignore package verification errors + host: + format: uri + type: string + id: + type: string + is_default: + default: false type: boolean - packages: - description: list of packages to install - items: - oneOf: - - description: package name - type: string - - type: object - properties: - name: - description: package name - type: string - version: - description: package version - type: string - type: array + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the + proxies API for more information. + nullable: true + type: string required: - - packages + - name + - host responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_bulk_install_packages_response' - description: OK + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk install packages + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgkey}': + - Elastic Agent binary download sources + /api/fleet/agent_download_sources/{sourceId}: delete: - deprecated: true - operationId: delete-package-deprecated + description: Delete agent binary download source by ID + operationId: delete-fleet-agent-download-sources-sourceid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: pkgkey + name: sourceId required: true schema: type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + id: + type: string required: - - response - description: OK + - id '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete ackage + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) + - Elastic Agent binary download sources get: - deprecated: true - operationId: get-package-deprecated + description: Get agent binary download source by ID + operationId: get-fleet-agent-download-sources-sourceid parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - in: path - name: pkgkey + name: sourceId required: true schema: type: string - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - response: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - savedObject: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host: + format: uri type: string - status: - enum: - - installed - - installing - - install_failed - - not_installed + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true type: string required: - - status - - savedObject - type: object - description: OK + - id + - name + - host + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - post: - deprecated: true - description: '' - operationId: install-package-deprecated + - Elastic Agent binary download sources + put: + description: Update agent binary download source by ID + operationId: put-fleet-agent-download-sources-sourceid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover + example: 'true' + type: string + - in: path + name: sourceId + required: true schema: - default: false - type: boolean + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - force: + host: + format: uri + type: string + id: + type: string + is_default: + default: false type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the + proxies API for more information. + nullable: true + type: string + required: + - name + - host + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host required: - - response - description: OK + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgName}/{pkgVersion}': - delete: - operationId: delete-package + - Elastic Agent binary download sources + /api/fleet/agent_policies: + get: + description: List agent policies + operationId: get-fleet-agent-policies parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: delete package even if policies used by agents + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page + required: false + schema: + type: number + - in: query + name: perPage + required: false + schema: + type: number + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - desc + - asc + type: string + - in: query + name: showUpgradeable + required: false + schema: + type: boolean + - in: query + name: kuery + required: false + schema: + type: string + - description: use withAgentCount instead in: query - name: force + name: noAgentCount + required: false schema: + deprecated: true type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - deprecated: true - type: object - properties: - force: - type: boolean + - description: get policies with agent count + in: query + name: withAgentCount + required: false + schema: + type: boolean + - description: get full policies with package policies populated + in: query + name: full + required: false + schema: + type: boolean + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: + additionalProperties: false type: object properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean id: type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list + of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank + to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package + policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports + agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string required: - id - - type + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items - description: OK + - total + - page + - perPage '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package - tags: - - Elastic Package Manager (EPM) - get: - operationId: get-package - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - item: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - licensePath: - type: string - notice: - type: string - savedObject: - deprecated: true - type: object - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject + additionalProperties: false + description: Generic Error type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry - in: query - name: full - schema: - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean + - Elastic Agent policies post: - description: '' - operationId: install-package + description: Create an agent policy + operationId: post-fleet-agent-policies parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors + - description: The version of the API to use + in: header + name: elastic-api-version schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: sys_monitoring + required: false schema: - default: false type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - force: - type: boolean - ignore_constraints: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _meta: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false type: object properties: - install_source: - enum: - - registry - - upload - - bundled + enabled: + type: boolean + name: type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: >- + User defined data tags that are added to all of the inputs. + The values can be strings or numbers. items: - items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false type: object properties: - id: + burst: + type: number + interval: type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package - tags: - - Elastic Package Manager (EPM) - put: - description: '' - operationId: update-package - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - keepPoliciesUpToDate: + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent policy. + Input settings cannot be overridden. The override option + should be used only in unusual circumstances and not as a + routine procedure. + nullable: true + type: object + space_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - items: - items: - type: object - properties: - id: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision required: - - items - description: OK + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package settings - tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}': - get: - operationId: packages-get-file - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: - type: object - headers: - type: object + error: + type: string + message: + type: string statusCode: type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package file + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: post: - description: '' - operationId: reauthorize-transforms + description: Bulk get agent policies + operationId: post-fleet-agent-policies-bulk-get parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgName - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - in: path - name: pkgVersion + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: + example: 'true' type: string - - description: >- - Whether to include prerelease packages in categories count (e.g. - beta, rc, preview) - in: query - name: prerelease + - in: query + name: format + required: false schema: - default: false - type: boolean + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - transforms: - items: - type: object - properties: - transformId: - type: string + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of package policy ids + items: + type: string type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: + additionalProperties: false type: object properties: - error: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list + of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank + to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package + policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive type: string - success: + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports + agentless integrations. + nullable: true type: boolean - transformId: + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: type: string required: - - transformId - - error + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision type: array required: - items - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Authorize transforms - tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgName}/stats': - get: - operationId: get-package-stats - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - response: - $ref: '#/components/schemas/Fleet_package_usage_stats' + error: + type: string + message: + type: string + statusCode: + type: number required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package stats - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - /api/fleet/epm/packages/limited: - get: - operationId: list-limited-packages - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: string - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get limited package list - tags: - - Elastic Package Manager (EPM) - parameters: [] - '/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs': - get: - operationId: get-inputs-template - responses: - '200': - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get inputs template + - message + summary: '' tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Format of response - json or yaml - in: query - name: format - schema: - enum: - - json - - yaml - - yml - type: string - - description: Specify if version is prerelease - in: query - name: prerelease - schema: - type: boolean - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - /api/fleet/epm/verification_key_id: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}: get: - operationId: packages-get-verification-key-id + description: Get an agent policy by ID + operationId: get-fleet-agent-policies-agentpolicyid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - body: + item: + additionalProperties: false type: object properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false description: >- - the key ID of the GPG key used to verify package - signatures + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: nullable: true type: string - headers: - type: object - statusCode: - type: number - description: OK + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package signature verification key ID - tags: - - Elastic Package Manager (EPM) - parameters: [] - /api/fleet/fleet_server_hosts: - get: - operationId: get-fleet-server-hosts - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_fleet_server_host' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List Fleet Server hosts - tags: - - Fleet Server hosts - post: - operationId: post-fleet-server-hosts - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host_urls: - items: + error: type: string - type: array - id: - type: string - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - type: string - required: - - name - - host_urls - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create Fleet Server host - tags: - - Fleet Server hosts - '/api/fleet/fleet_server_hosts/{itemId}': - delete: - operationId: delete-fleet-server-hosts - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: + message: type: string + statusCode: + type: number required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete Fleet Server host by ID - tags: - - Fleet Server hosts - get: - operationId: get-one-fleet-server-hosts - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get Fleet Server host by ID + - message + summary: '' tags: - - Fleet Server hosts - parameters: - - in: path - name: itemId - required: true - schema: - type: string + - Elastic Agent policies put: - operationId: update-fleet-server-hosts + description: Update an agent policy by ID + operationId: put-fleet-agent-policies-agentpolicyid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - host_urls: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: items: - type: string + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: >- + User defined data tags that are added to all of the inputs. + The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number is_default: type: boolean - is_internal: + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: type: boolean name: + minLength: 1 type: string - proxy_id: + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. + Override settings that are defined in the agent policy. + Input settings cannot be overridden. The override option + should be used only in unusual circumstances and not as a + routine procedure. nullable: true - type: string + type: object + space_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision required: - item - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Update Fleet Server host by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet Server hosts - /api/fleet/health_check: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/copy: post: - operationId: fleet-server-health-check + description: Copy an agent policy by ID + operationId: post-fleet-agent-policies-agentpolicyid-copy parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - host: - deprecated: true + description: type: string - id: + name: + minLength: 1 type: string required: - - id - required: true + - name responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - host: - deprecated: true - type: string - id: - description: Fleet Server host id + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: type: string - status: + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Fleet Server health check + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet internals - /api/fleet/kubernetes: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/download: get: - operationId: get-full-k8s-manifest + description: Download an agent policy by ID + operationId: get-fleet-agent-policies-agentpolicyid-download parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string - in: query name: download required: false schema: type: boolean - in: query - name: fleetServer + name: standalone required: false schema: - type: string + type: boolean - in: query - name: enrolToken + name: kubernetes required: false schema: - type: string + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + type: string + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error type: object properties: - item: + error: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full K8s agent manifest - tags: - - Fleet Kubernetes - /api/fleet/logstash_api_keys: - post: - operationId: generate-logstash-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + message: + type: string + statusCode: + type: number + required: + - message + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - api_key: + error: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Generate Logstash API key + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet outputs - /api/fleet/outputs: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/full: get: - operationId: get-outputs + description: Get a full agent policy by ID + operationId: get-fleet-agent-policies-agentpolicyid-full + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: standalone + required: false + schema: + type: boolean + - in: query + name: kubernetes + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_output_create_request' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK + item: + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + download: + additionalProperties: false + type: object + properties: + sourceURI: + type: string + required: + - sourceURI + features: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + type: object + monitoring: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + protection: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + signing_key: + type: string + uninstall_token_hash: + type: string + required: + - enabled + - uninstall_token_hash + - signing_key + required: + - monitoring + - download + - features + fleet: + anyOf: + - additionalProperties: false + type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + required: + - hosts + - proxy_headers + - additionalProperties: false + type: object + properties: + kibana: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + required: + - hosts + - protocol + required: + - kibana + id: + type: string + inputs: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + package_policy_id: + type: string + processors: + items: + additionalProperties: true + type: object + properties: + add_fields: + additionalProperties: true + type: object + properties: + fields: + additionalProperties: + anyOf: + - type: string + - type: number + type: object + target: + type: string + required: + - target + - fields + required: + - add_fields + type: array + revision: + type: number + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + type: array + namespaces: + items: + type: string + type: array + output_permissions: + additionalProperties: + additionalProperties: {} + type: object + type: object + outputs: + additionalProperties: + additionalProperties: true + type: object + properties: + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + type: + type: string + required: + - type + - proxy_headers + type: object + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + signed: + additionalProperties: false + type: object + properties: + data: + type: string + signature: + type: string + required: + - data + - signature + required: + - id + - outputs + - inputs + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: List outputs - tags: - - Fleet outputs - post: - operationId: post-outputs - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_create_request' - required: true - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create output + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet outputs - '/api/fleet/outputs/{outputId}': - delete: - operationId: delete-output + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/outputs: + get: + description: Get list of outputs associated with agent policy by policy id + operationId: get-fleet-agent-policies-agentpolicyid-outputs parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - id: - type: string + item: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + additionalProperties: false + type: object + properties: + integrations: + items: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + type: array + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + monitoring: + additionalProperties: false + type: object + properties: + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + required: + - monitoring + - data required: - - id - description: OK + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete output by ID - tags: - - Fleet outputs - get: - operationId: get-output - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get output by ID + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - put: - operationId: update-output + - Elastic Agent policies + /api/fleet/agent_policies/delete: + post: + description: Delete agent policy by ID + operationId: post-fleet-agent-policies-delete parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_output_update_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_update_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update output by ID - tags: - - Fleet outputs - '/api/fleet/outputs/{outputId}/health': - get: - operationId: get-output-health + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + force: + description: >- + bypass validation checks that can prevent agent policy + deletion + type: boolean + required: + - agentPolicyId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - message: - description: long message if unhealthy - type: string - state: - description: 'state of output, HEALTHY or DEGRADED' + id: type: string - timestamp: - description: timestamp of reported state + name: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get latest output health - tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - /api/fleet/package_policies: - get: - operationId: get-package-policies - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number required: - - items - description: OK + - id + - name '400': - $ref: '#/components/responses/Fleet_error' - summary: List package policies - tags: - - Fleet package policies - parameters: [] - post: - operationId: create-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - description: >- - You should use inputs as an object and not use the deprecated inputs - array. - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' + error: + type: string + message: + type: string + statusCode: + type: number required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Create package policy + - message + summary: '' tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: + - Elastic Agent policies + /api/fleet/agent_policies/outputs: post: - operationId: bulk-get-package-policies + description: Get list of outputs associated with agent policies + operationId: post-fleet-agent-policies-outputs parameters: - - $ref: '#/components/parameters/Fleet_format' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: ids: @@ -7753,8 +14195,6 @@ paths: items: type: string type: array - ignoreMissing: - type: boolean required: - ids responses: @@ -7762,2767 +14202,5964 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: - $ref: '#/components/schemas/Fleet_package_policy' + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + additionalProperties: false + type: object + properties: + integrations: + items: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + type: array + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + monitoring: + additionalProperties: false + type: object + properties: + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + required: + - monitoring + - data type: array required: - items - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get package policies - tags: - - Fleet package policies - '/api/fleet/package_policies/{packagePolicyId}': - delete: - operationId: delete-package-policy - parameters: - - in: query - name: force - schema: - type: boolean - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - id: + error: + type: string + message: type: string + statusCode: + type: number required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy by ID + - message + summary: '' tags: - - Fleet package policies + - Elastic Agent policies + /api/fleet/agent_status: get: - operationId: get-package-policy + description: Get agent status summary + operationId: get-fleet-agent-status parameters: - - $ref: '#/components/parameters/Fleet_format' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: policyId + required: false + schema: + type: string + - in: query + name: policyIds + required: false + schema: + anyOf: + - items: + type: string + type: array + - type: string + - in: query + name: kuery + required: false + schema: + deprecated: true + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' + results: + additionalProperties: false + type: object + properties: + active: + type: number + all: + type: number + error: + type: number + events: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + other: + type: number + total: + deprecated: true + type: number + unenrolled: + type: number + updating: + type: number + required: + - events + - total + - online + - error + - offline + - other + - updating + - inactive + - unenrolled + - all + - active required: - - item - description: OK + - results '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package policy by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet package policies - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - put: - operationId: update-package-policy + - Elastic Agent status + /api/fleet/agent_status/data: + get: + description: Get incoming agent data + operationId: get-fleet-agent-status-data parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: agentsIds + required: true + schema: + anyOf: + - items: + type: string + type: array + - type: string + - in: query + name: previewData + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package policy by ID - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - operationId: post-delete-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - packagePolicyIds: + dataPreview: + items: {} + type: array items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK + items: + additionalProperties: + additionalProperties: false + type: object + properties: + data: + type: boolean + required: + - data + type: object + type: array + required: + - items + - dataPreview '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - operationId: upgrade-package-policy - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade package policy to a newer package version - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - operationId: upgrade-package-policy-dry-run - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: + additionalProperties: false + description: Generic Error + type: object + properties: + error: type: string - type: array - packageVersion: + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + /api/fleet/agent-status: + get: + operationId: get-fleet-agent-status-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: policyId + required: false + schema: + type: string + - in: query + name: policyIds + required: false + schema: + anyOf: + - items: type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - agent_diff: - $ref: '#/components/schemas/Fleet_upgrade_agent_diff' - diff: - $ref: '#/components/schemas/Fleet_upgrade_diff' - hasErrors: - type: boolean - required: - - hasErrors type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Dry run package policy upgrade - tags: - - Fleet package policies - /api/fleet/proxies: + - type: string + - in: query + name: kuery + required: false + schema: + deprecated: true + type: string + responses: {} + summary: '' + tags: [] + /api/fleet/agents: get: - operationId: get-fleet-proxies + description: List agents + operationId: get-fleet-agents + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page + required: false + schema: + default: 1 + type: number + - in: query + name: perPage + required: false + schema: + default: 20 + type: number + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: showInactive + required: false + schema: + default: false + type: boolean + - in: query + name: withMetrics + required: false + schema: + default: false + type: boolean + - in: query + name: showUpgradeable + required: false + schema: + default: false + type: boolean + - in: query + name: getStatusSummary + required: false + schema: + default: false + type: boolean + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: - $ref: '#/components/schemas/Fleet_proxies' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List proxies - tags: - - Fleet proxies - post: - operationId: post-fleet-proxies - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - required: - - name - - url - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create proxy - tags: - - Fleet proxies - '/api/fleet/proxies/{itemId}': - delete: - operationId: delete-fleet-proxies - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + type: array + list: + deprecated: true + items: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + type: array + page: + type: number + perPage: + type: number + statusSummary: + additionalProperties: + type: number + type: object + total: + type: number required: - - id - description: OK + - items + - total + - page + - perPage '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete proxy by ID - tags: - - Fleet proxies - get: - operationId: get-one-fleet-proxies - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_proxies' + error: + type: string + message: + type: string + statusCode: + type: number required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get proxy by ID + - message + summary: '' tags: - - Fleet proxies - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-proxies + - Elastic Agents + post: + description: List agents by action ids + operationId: post-fleet-agents parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string + actionIds: + items: + type: string + type: array + required: + - actionIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_proxies' + items: + items: + type: string + type: array required: - - item - description: OK + - items '400': - $ref: '#/components/responses/Fleet_error' - summary: Update proxy by ID - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - operationId: generate-service-token - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - name: + error: type: string - value: + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet service tokens - /api/fleet/service-tokens: - post: - deprecated: true - operationId: generate-service-token-deprecated + - Elastic Agents + /api/fleet/agents/{agentId}: + delete: + description: Delete agent by ID + operationId: delete-fleet-agents-agentid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token - tags: - - Fleet service tokens - /api/fleet/settings: - get: - operationId: get-settings + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get settings - tags: - - Fleet internals - put: - operationId: update-settings - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_yaml_config: - type: string - delete_unenrolled_agents: - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - fleet_server_hosts: - description: Protocol and path must be the same for each URL - items: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted type: string - type: array - has_seen_add_data_notice: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update settings - tags: - - Fleet internals - /api/fleet/setup: - post: - operationId: setup - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK + required: + - action '400': - $ref: '#/components/responses/Fleet_error' - '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: + error: + type: string message: type: string - description: Internal Server Error - summary: Initiate Fleet setup + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet internals - /api/fleet/uninstall_tokens: + - Elastic Agents get: - operationId: get-uninstall-tokens + description: Get agent by ID + operationId: get-fleet-agents-agentid parameters: - - description: The number of items to return - in: query - name: perPage - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - default: 20 - minimum: 5 - type: integer - - $ref: '#/components/parameters/Fleet_page_index' - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentId + required: true schema: type: string + - in: query + name: withMetrics + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - items: - items: - type: object - properties: - created_at: + item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: type: string - id: + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: type: string - policy_id: + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata required: - - items - - total - - page - - perPage - description: OK + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: List metadata for latest uninstall tokens per agent policy + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet uninstall tokens - '/api/fleet/uninstall_tokens/{uninstallTokenId}': - get: - operationId: get-uninstall-token + - Elastic Agents + put: + description: Update agent by ID + operationId: put-fleet-agents-agentid parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: uninstallTokenId + name: agentId required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + tags: + items: + type: string + type: array + user_provided_metadata: + additionalProperties: {} + type: object responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: + additionalProperties: false type: object properties: - created_at: + access_api_key: type: string - id: + access_api_key_id: type: string - policy_id: + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: type: string - token: + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: type: string - required: + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: - id - - token - - policy_id - - created_at + - packages + - type + - active + - enrolled_at + - local_metadata required: - item - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Get one decrypted uninstall token by its ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet uninstall tokens - /api/lists: - delete: - operationId: DeleteList + - Elastic Agents + /api/fleet/agents/{agentId}/actions: + post: + description: Create agent action + operationId: post-fleet-agents-agentid-actions parameters: - - description: List's `id` value - in: query - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query - name: deleteReferences - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false + example: 'true' + type: string + - in: path + name: agentId + required: true schema: - default: false - type: boolean + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + action: + anyOf: + - additionalProperties: false + type: object + properties: + ack_data: {} + data: {} + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + required: + - type + - data + - ack_data + - additionalProperties: false + type: object + properties: + data: + additionalProperties: false + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + required: + - log_level + type: + enum: + - SETTINGS + type: string + required: + - type + - data + required: + - action responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + - agents + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - get: - operationId: ReadList + - Elastic Agent actions + /api/fleet/agents/{agentId}/reassign: + post: + description: Reassign agent + operationId: post-fleet-agents-agentid-reassign parameters: - - description: List's `id` value - in: query - name: id + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + policy_id: + type: string + required: + - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: {} '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Retrieves a list using its id field + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - patch: - operationId: PatchList + - Elastic Agent actions + put: + operationId: put-fleet-agents-agentid-reassign + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _version: + policy_id: type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer required: - - id - description: List's properties - required: true + - policy_id + responses: {} + summary: '' + tags: [] + /api/fleet/agents/{agentId}/request_diagnostics: + post: + description: Request agent diagnostics + operationId: post-fleet-agents-agentid-request-diagnostics + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patches a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agent actions + /api/fleet/agents/{agentId}/unenroll: post: - operationId: CreateList + description: Unenroll agent + operationId: post-fleet-agents-agentid-unenroll + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + nullable: true type: object properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Creates a list + force: + type: boolean + revoke: + type: boolean + responses: {} + summary: '' tags: - - Security Lists API - put: - operationId: UpdateList + - Elastic Agent actions + /api/fleet/agents/{agentId}/upgrade: + post: + description: Upgrade agent + operationId: post-fleet-agents-agentid-upgrade + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _version: + force: + type: boolean + skipRateLimitCheck: + type: boolean + source_uri: type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' version: - minimum: 1 - type: integer + type: string required: - - id - - name - - description - description: List's properties - required: true + - version responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: {} '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/uploads: + get: + description: List agent uploads + operationId: get-fleet-agents-agentid-uploads + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentId + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + actionId: + type: string + createTime: + type: string + error: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - EXPIRED + - IN_PROGRESS + - FAILED + type: string + required: + - id + - name + - filePath + - createTime + - status + - actionId + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Updates a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/_find: + - Elastic Agents + /api/fleet/agents/action_status: get: - operationId: FindLists + description: Get agent action status + operationId: get-fleet-agents-action-status parameters: - - description: The page number to return - in: query - name: page - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page required: false schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field + default: 0 + type: number + - in: query + name: perPage required: false schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order + default: 20 + type: number + - in: query + name: date required: false schema: - enum: - - desc - - asc type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor + - in: query + name: latest required: false schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter + type: number + - in: query + name: errorSize required: false schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' + default: 5 + type: number responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: + items: items: - $ref: '#/components/schemas/Security_Lists_API_List' + additionalProperties: false + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + hasRolloutPeriod: + type: boolean + latestErrors: + items: + additionalProperties: false + description: >- + latest errors that happened when the agents + executed the action + type: object + properties: + agentId: + type: string + error: + type: string + hostname: + type: string + timestamp: + type: string + required: + - agentId + - error + - timestamp + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: number + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - UPGRADE + - UNENROLL + - SETTINGS + - POLICY_REASSIGN + - CANCEL + - FORCE_UNENROLL + - REQUEST_DIAGNOSTICS + - UPDATE_TAGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - type + - nbAgentsActioned + - status + - creationTime type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer required: - - data - - page - - per_page - - total - - cursor - description: Successful response + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Finds lists + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/index: - delete: - operationId: DeleteListIndex + - Elastic Agent actions + /api/fleet/agents/actions/{actionId}/cancel: + post: + description: Cancel agent action + operationId: post-fleet-agents-actions-actionid-cancel + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: actionId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - acknowledged: - type: boolean + item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + - agents required: - - acknowledged - description: Successful response + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes list data streams + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agent actions + /api/fleet/agents/available_versions: get: - operationId: ReadListIndex + description: Get available agent versions + operationId: get-fleet-agents-available-versions + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - list_index: - type: boolean - list_item_index: - type: boolean + items: + items: + type: string + type: array required: - - list_index - - list_item_index - description: Successful response + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + /api/fleet/agents/bulk_reassign: + post: + description: Bulk reassign agents + operationId: post-fleet-agents-bulk-reassign + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + includeInactive: + default: false + type: boolean + policy_id: + type: string + required: + - policy_id + - agents + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream(s) not found response - '500': + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list data stream existence status + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agent actions + /api/fleet/agents/bulk_request_diagnostics: post: - operationId: CreateListIndex + description: Bulk request diagnostics from agents + operationId: post-fleet-agents-bulk-request-diagnostics + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + type: array + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - acknowledged: - type: boolean + actionId: + type: string required: - - acknowledged - description: Successful response + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Creates necessary list data streams + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items: - delete: - operationId: DeleteListItem + - Elastic Agent actions + /api/fleet/agents/bulk_unenroll: + post: + description: Bulk unenroll agents + operationId: post-fleet-agents-bulk-unenroll parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for + example: 'true' type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + description: KQL query string, leave empty to action all agents + type: string + type: array + - description: list of agent IDs + type: string + batchSize: + type: number + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - get: - operationId: ReadListItem + - Elastic Agent actions + /api/fleet/agents/bulk_update_agent_tags: + post: + description: Bulk update agent tags + operationId: post-fleet-agents-bulk-update-agent-tags parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: + example: 'true' type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + includeInactive: + default: false + type: boolean + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Gets a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - patch: - operationId: PatchListItem + - Elastic Agent actions + /api/fleet/agents/bulk_upgrade: + post: + description: Bulk upgrade agents + operationId: post-fleet-agents-bulk-upgrade + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + force: + type: boolean + includeInactive: + default: false + type: boolean + rollout_duration_seconds: + minimum: 600 + type: number + skipRateLimitCheck: + type: boolean + source_uri: + type: string + start_time: + type: string + version: type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - - id - description: List item's properties - required: true + - agents + - version responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agent actions + /api/fleet/agents/files/{fileId}: + delete: + description: Delete file uploaded by agent + operationId: delete-fleet-agents-files-fileid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: fileId + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': + additionalProperties: false + type: object + properties: + deleted: + type: boolean + id: + type: string + required: + - id + - deleted + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patches a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - post: - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value - description: List item's properties - required: true + - Elastic Agents + /api/fleet/agents/files/{fileId}/{fileName}: + get: + description: Get file uploaded by agent + operationId: get-fleet-agents-files-fileid-filename + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response + type: object '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + /api/fleet/agents/setup: + get: + description: Get agent setup info + operationId: get-fleet-agents-setup + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': + additionalProperties: false + description: >- + A summary of the agent setup status. `isReady` indicates + whether the setup is ready. If the setup is not ready, + `missing_requirements` lists which requirements are missing. + type: object + properties: + is_secrets_storage_enabled: + type: boolean + is_space_awareness_enabled: + type: boolean + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - security_required + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + post: + description: Initiate agent setup + operationId: post-fleet-agents-setup + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item already exists response - '500': + additionalProperties: false + description: >- + A summary of the result of Fleet's `setup` lifecycle. If + `isInitialized` is true, Fleet is ready to accept agent + enrollment. `nonFatalErrors` may include useful insight into + non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Creates a list item - tags: - - Security Lists API - put: - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value - description: List item's properties - required: true + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + /api/fleet/agents/tags: + get: + description: List agent tags + operationId: get-fleet-agents-tags + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: showInactive + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Updates a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items/_export: - post: - description: Exports list item values from the specified list - operationId: ExportListItems + - Elastic Agents + /api/fleet/check-permissions: + get: + description: Check permissions + operationId: get-fleet-check-permissions parameters: - - description: List's id to export - in: query - name: list_id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: fleetServerSetup + required: false + schema: + type: boolean responses: '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': + additionalProperties: false + type: object + properties: + error: + enum: + - MISSING_SECURITY + - MISSING_PRIVILEGES + - MISSING_FLEET_SERVER_SETUP_PRIVILEGES + type: string + success: + type: boolean + required: + - success + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/data_streams: + get: + description: List data streams + operationId: get-fleet-data-streams + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': + additionalProperties: false + type: object + properties: + data_streams: + items: + additionalProperties: false + type: object + properties: + dashboards: + items: + additionalProperties: false + type: object + properties: + id: + type: string + title: + type: string + required: + - id + - title + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + serviceDetails: + additionalProperties: false + nullable: true + type: object + properties: + environment: + type: string + serviceName: + type: string + required: + - environment + - serviceName + size_in_bytes: + type: number + size_in_bytes_formatted: + anyOf: + - type: number + - type: string + type: + type: string + required: + - index + - dataset + - namespace + - type + - package + - package_version + - last_activity_ms + - size_in_bytes + - size_in_bytes_formatted + - dashboards + - serviceDetails + type: array + required: + - data_streams + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Exports list items + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items/_find: + - Data streams + /api/fleet/enrollment_api_keys: get: - operationId: FindListItems + description: List enrollment API keys + operationId: get-fleet-enrollment-api-keys parameters: - - description: List's id - in: query - name: list_id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return - in: query + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query name: page required: false schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field + default: 1 + type: number + - in: query + name: perPage required: false schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order + default: 20 + type: number + - in: query + name: kuery required: false schema: - enum: - - desc - - asc type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor - data: + items: items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + type: array + list: + deprecated: true + items: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at type: array page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer + type: number + perPage: + type: number total: - minimum: 0 - type: integer + type: number required: - - data - - page - - per_page + - items - total - - cursor - description: Successful response + - page + - perPage + - list '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Finds list items + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items/_import: + - Fleet enrollment API keys post: - description: > - Imports a list of items from a `.txt` or `.csv` file. The maximum file - size is 9 million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems + description: Create enrollment API key + operationId: post-fleet-enrollment-api-keys parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - enum: - - 'true' - - 'false' - - wait_for + example: 'true' type: string requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary + expiration: type: string - required: true + name: + type: string + policy_id: + type: string + required: + - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + action: + enum: + - created + type: string + item: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + required: + - item + - action '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Imports list items - tags: - - Security Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet enrollment API keys + /api/fleet/enrollment_api_keys/{keyId}: + delete: + description: Revoke enrollment API key by ID by marking it as inactive + operationId: delete-fleet-enrollment-api-keys-keyid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: keyId + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + action: + enum: + - deleted + type: string required: - - lists - - listItems - - is_authenticated - description: Successful response + - action '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Gets list privileges + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/ml/saved_objects/sync: + - Fleet enrollment API keys get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync + description: Get enrollment API key by ID + operationId: get-fleet-enrollment-api-keys-keyid parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: keyId + required: true + schema: + type: string responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects - tags: - - ml - /api/note: - delete: - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. type: string - nullable: true - type: array - required: - - noteIds - description: The id of the note to delete. - required: true - responses: - '200': + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + required: + - item + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Deletes a note from a timeline. + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' + - Fleet enrollment API keys + /api/fleet/enrollment-api-keys: get: - description: Gets notes - operationId: GetNotes + operationId: get-fleet-enrollment-api-keys-2 parameters: - - in: query - name: documentIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - - in: query - name: savedObjectIds + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - in: query name: page + required: false schema: - nullable: true - type: string + default: 1 + type: number - in: query name: perPage + required: false schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string + default: 20 + type: number - in: query - name: sortOrder + name: kuery + required: false schema: - nullable: true type: string - - in: query - name: filter + responses: {} + summary: '' + tags: [] + post: + operationId: post-fleet-enrollment-api-keys-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version schema: - nullable: true + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - in: query - name: createdByFilter + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - nullable: true + example: 'true' type: string - - in: query - name: associatedFilter - schema: - $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object - description: Indicates the requested notes were returned. - summary: Get all notes for a given document. - tags: - - Security Timeline API - - 'access:securitySolution' - patch: - operationId: PersistNoteRoute requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true + expiration: type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - noteId: - nullable: true + name: type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true + policy_id: type: string required: - - note - description: The note to persist or update along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Persists a note to a timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/osquery/live_queries: + - policy_id + responses: {} + summary: '' + tags: [] + /api/fleet/enrollment-api-keys/{keyId}: + delete: + operationId: delete-fleet-enrollment-api-keys-keyid-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: keyId + required: true + schema: + type: string + responses: {} + summary: '' + tags: [] get: - description: Get a list of all live queries. - operationId: OsqueryFindLiveQueries + operationId: get-fleet-enrollment-api-keys-keyid-2 parameters: - - in: query - name: query + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: keyId required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live queries - tags: - - Security Osquery API + type: string + responses: {} + summary: '' + tags: [] + /api/fleet/epm/bulk_assets: post: - description: Create and run a live query. - operationId: OsqueryCreateLiveQuery + description: Bulk get assets + operationId: post-fleet-epm-bulk-assets + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody - required: true + additionalProperties: false + type: object + properties: + assetIds: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - id + - type + type: array + required: + - assetIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Osquery API - '/api/osquery/live_queries/{id}': - get: - description: Get the details of a live query using the query ID. - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + appLink: + type: string + attributes: + additionalProperties: false + type: object + properties: + description: + type: string + service: + type: string + title: + type: string + id: + type: string + type: + type: string + updatedAt: + type: string + required: + - id + - type + - attributes + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API - '/api/osquery/live_queries/{id}/results/{actionId}': + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: get: - description: Get the results of a live query using the query action ID. - operationId: OsqueryGetLiveQueryResults + description: List package categories + operationId: get-fleet-epm-categories parameters: - - in: path - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: path - name: actionId - required: true + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: prerelease + required: false schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' + type: boolean - in: query - name: query - required: true + name: experimental + required: false schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + type: boolean + - in: query + name: include_policy_templates + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Osquery API - /api/osquery/packs: - get: - description: Get a list of all query packs. - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' - responses: - '200': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + additionalProperties: false + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API + - Elastic Package Manager (EPM) + /api/fleet/epm/custom_integrations: post: - description: Create a query pack. - operationId: OsqueryCreatePacks + description: Create custom integration + operationId: post-fleet-epm-custom-integrations + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a pack - tags: - - Security Osquery API - '/api/osquery/packs/{id}': - delete: - description: Delete a query pack using the pack ID. - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a pack - tags: - - Security Osquery API - get: - description: Get the details of a query pack using the pack ID. - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' + additionalProperties: false + type: object + properties: + datasets: + items: + additionalProperties: false + type: object + properties: + name: + type: string + type: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + required: + - name + - type + type: array + force: + type: boolean + integrationName: + type: string + required: + - integrationName + - datasets responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get pack details - tags: - - Security Osquery API - put: - description: | - Update a query pack using the pack ID. - > info - > You cannot update a prebuilt pack. - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' - required: true - responses: - '200': + additionalProperties: false + type: object + properties: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a pack + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API - /api/osquery/saved_queries: + - Elastic Package Manager (EPM) + /api/fleet/epm/data_streams: get: - description: Get a list of all saved queries. - operationId: OsqueryFindSavedQueries + description: List data streams + operationId: get-fleet-epm-data-streams parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - in: query - name: query - required: true + name: type + required: false schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved queries - tags: - - Security Osquery API - post: - description: Create and run a saved query. - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody - required: true + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + - in: query + name: datasetQuery + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + default: asc + enum: + - asc + - desc + type: string + - in: query + name: uncategorisedOnly + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Osquery API - '/api/osquery/saved_queries/{id}': - delete: - description: Delete a saved query using the query ID. - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a saved query + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API + - Data streams + /api/fleet/epm/packages: get: - description: Get the details of a saved query using the query ID. - operationId: OsqueryGetSavedQueryDetails + description: List packages + operationId: get-fleet-epm-packages parameters: - - in: path - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: category + required: false + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: experimental + required: false + schema: + type: boolean + - in: query + name: excludeInstallStatus + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Osquery API - put: - description: | - Update a saved query using the query ID. - > info - > You cannot update a prebuilt saved query. - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: true + type: object + properties: + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + id: + type: string + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - id + type: array + response: + items: + additionalProperties: true + deprecated: true + type: object + properties: + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + id: + type: string + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - id + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a saved query + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API - /api/pinned_event: - patch: - operationId: PersistPinnedEventRoute + - Elastic Package Manager (EPM) + post: + description: Install package by upload + operationId: post-fleet-epm-packages + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: ignoreMappingUpdateErrors + required: false + schema: + default: false + type: boolean + - in: query + name: skipDataStreamRollover + required: false + schema: + default: false + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to persist or update along with additional metadata. - required: true + format: binary + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: + _meta: + additionalProperties: false type: object properties: - persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + install_source: + type: string required: - - persistPinnedEventOnTimeline + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array required: - - data - description: Indicate the event was successfully pinned in the timeline. - summary: Persists a pinned event to a timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': + - items + - _meta + '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse - description: Unexpected error - summary: Cleanup the Risk Engine + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Entity Analytics API - /api/risk_score/engine/schedule_now: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: post: - operationId: ScheduleRiskEngineNow - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: {} - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse - description: Unexpected error - summary: Schedule the risk engine to run as soon as possible - tags: - - Security Entity Analytics API - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault + description: Bulk install packages + operationId: post-fleet-epm-packages-bulk parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request schema: + additionalProperties: false type: object properties: - excludeExportDetails: + force: default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. type: boolean - objects: - description: A list of objects to export. + packages: items: - type: object + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + name: + type: string + prerelease: + type: boolean + version: + type: string + required: + - name + - version + minItems: 1 type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true + required: + - packages responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true + additionalProperties: false type: object - description: Indicates a successful call. + properties: + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + name: + type: string + result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + - installType + version: + type: string + required: + - name + - version + - result + - additionalProperties: false + type: object + properties: + error: + anyOf: + - type: string + - {} + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + name: + type: string + result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + - installType + version: + type: string + required: + - name + - version + - result + - additionalProperties: false + type: object + properties: + error: + anyOf: + - type: string + - {} + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + type: array + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - saved objects - /api/saved_objects/_import: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgkey}: + delete: + operationId: delete-fleet-epm-packages-pkgkey + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + required: + - force + responses: {} + summary: '' + tags: [] + get: + operationId: get-fleet-epm-packages-pkgkey + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgkey + required: true + schema: + type: string + - in: query + name: ignoreUnverified + required: false + schema: + type: boolean + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: full + required: false + schema: + type: boolean + - in: query + name: withMetadata + required: false + schema: + default: false + type: boolean + responses: {} + summary: '' + tags: [] post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault + operationId: post-fleet-epm-packages-pkgkey parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgkey + required: true + schema: + type: string + - in: query + name: prerelease required: false schema: type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite + - in: query + name: ignoreMappingUpdateErrors required: false schema: + default: false type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode + - in: query + name: skipDataStreamRollover required: false schema: + default: false type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + nullable: true type: object properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction + force: + type: boolean + required: + - force + responses: {} + summary: '' + tags: [] + put: + operationId: put-fleet-epm-packages-pkgkey + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgkey + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate + responses: {} + summary: '' + tags: [] + /api/fleet/epm/packages/{pkgName}/{pkgVersion}: + delete: + description: Delete package + operationId: delete-fleet-epm-packages-pkgname-pkgversion + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: force + required: false + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + required: + - force responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -10531,121 +20168,883 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Apply a bulk action to anonymization fields + required: + - message + summary: '' tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: + - Elastic Package Manager (EPM) get: - description: Get a list of all anonymization fields. - operationId: FindAnonymizationFields + description: Get package + operationId: get-fleet-epm-packages-pkgname-pkgversion parameters: - - in: query - name: fields - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgName + required: true schema: type: string - - description: Field to sort by - in: query - name: sort_field + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: ignoreUnverified required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order + type: boolean + - in: query + name: prerelease required: false schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page + type: boolean + - in: query + name: full required: false schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page + type: boolean + - in: query + name: withMetadata required: false schema: - default: 20 - minimum: 0 - type: integer + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. + item: + additionalProperties: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + metadata: + additionalProperties: false + type: object + properties: + has_policies: + type: boolean + required: + - has_policies + response: + additionalProperties: true + deprecated: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -10654,122 +21053,201 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Create a model response + required: + - message + summary: '' tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: + - Elastic Package Manager (EPM) post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations + description: Install package from registry + operationId: post-fleet-epm-packages-pkgname-pkgversion parameters: - - in: query - name: fields - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: + example: 'true' type: string - - description: Field to sort by - in: query - name: sort_field - required: false + - in: path + name: pkgName + required: true schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: prerelease required: false schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page + type: boolean + - in: query + name: ignoreMappingUpdateErrors required: false schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page + default: false + type: boolean + - in: query + name: skipDataStreamRollover required: false schema: - default: 20 - minimum: 0 - type: integer + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + force: + default: false + type: boolean + ignore_constraints: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type type: array - page: - type: integer - perPage: - type: integer - total: - type: integer required: - - page - - perPage - - total - - data - description: Successful response + - items + - _meta '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -10778,171 +21256,872 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Get conversations + required: + - message + summary: '' tags: - - Security AI Assistant API - - Conversations API - '/api/security_ai_assistant/current_user/conversations/{id}': - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation + - Elastic Package Manager (EPM) + put: + description: Update package settings + operationId: put-fleet-epm-packages-pkgname-pkgversion parameters: - - description: The conversation's `id` value. - in: path - name: id + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id + example: 'true' + type: string + - in: path + name: pkgName required: true schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id + type: string + - in: path + name: pkgVersion required: true schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true + additionalProperties: false + type: object + properties: + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + additionalProperties: false type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: + item: + additionalProperties: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + response: + additionalProperties: true + deprecated: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -10951,86 +22130,50 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Apply a bulk action to prompts + required: + - message + summary: '' tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: get: - description: Get a list of all prompts. - operationId: FindPrompts + description: Get package file + operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false + - in: path + name: pkgName + required: true schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false + type: string + - in: path + name: pkgVersion + required: true schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false + type: string + - in: path + name: filePath + required: true schema: - default: 20 - minimum: 0 - type: integer + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response + schema: {} '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -11039,67 +22182,120 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Get prompts + required: + - message + summary: '' tags: - - Security AI Assistant API - - Prompts API - /api/timeline: - delete: - operationId: DeleteTimelines + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + post: + description: Authorize transforms + operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines + transforms: items: - type: string + additionalProperties: false + type: object + properties: + transformId: + type: string + required: + - transformId type: array required: - - savedObjectIds - description: The ids of the timelines or timeline templates to delete. - required: true + - transforms responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + items: + additionalProperties: false + type: object + properties: + error: + nullable: true + success: + type: boolean + transformId: + type: string + required: + - transformId + - success + - error + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error type: object properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline + error: + type: string + message: + type: string + statusCode: + type: number required: - - data - description: Indicates the timeline was successfully deleted. - summary: Deletes one or more timelines or timeline templates. + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/stats: get: - operationId: GetTimeline + description: Get package stats + operationId: get-fleet-epm-packages-pkgname-stats parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: The ID of the timeline to retrieve - in: query - name: id + - in: path + name: pkgName + required: true schema: type: string responses: @@ -11107,5579 +22303,18255 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - type: object + additionalProperties: false + type: object + properties: + response: + additionalProperties: false + type: object properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - required: - - getOneTimeline + agent_policy_count: + type: number required: - - data - - additionalProperties: false - type: object - description: Indicates that the (template) timeline was found and returned. - summary: >- - Get an existing saved timeline or timeline template. This API is used to - retrieve an existing saved timeline or timeline template. - tags: - - Security Timeline API - - 'access:securitySolution' - patch: - description: >- - Updates an existing timeline. This API is used to update the title, - description, date range, pinned events, pinned queries, and/or pinned - saved queries of an existing timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The timeline updates along with the timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '405': + - agent_policy_count + required: + - response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: >- - Indicates that the user does not have the required access to create - a draft timeline. - summary: Updates an existing timeline. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - post: - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required timeline fields used to create a new timeline along with - optional fields that will be created if not provided. - required: true + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/installed: + get: + description: Get installed packages + operationId: get-fleet-epm-packages-installed + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: dataStreamType + required: false + schema: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + - in: query + name: showOnlyActiveDataStreams + required: false + schema: + type: boolean + - in: query + name: nameQuery + required: false + schema: + type: string + - in: query + name: searchAfter + required: false + schema: + items: + anyOf: + - type: string + - type: number + type: array + - in: query + name: perPage + required: false + schema: + default: 15 + type: number + - in: query + name: sortOrder + required: false + schema: + default: asc + enum: + - asc + - desc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates the timeline was successfully created. - '405': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + dataStreams: + items: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + required: + - name + - title + type: array + description: + type: string + icons: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + name: + type: string + status: + type: string + title: + type: string + version: + type: string + required: + - name + - version + - status + - dataStreams + type: array + searchAfter: + items: + anyOf: + - type: string + - type: number + - type: boolean + - enum: [] + nullable: true + - {} + type: array + total: + type: number + required: + - items + - total + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: Indicates that there was an error in the timeline creation. - summary: Creates a new timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_copy: - get: - description: | - Copies and returns a timeline or timeline template. - operationId: CopyTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the timeline has been successfully copied. - summary: Copies timeline or timeline template + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_draft: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/limited: get: - operationId: GetDraftTimelines + description: Get limited package list + operationId: get-fleet-epm-packages-limited parameters: - - in: query - name: timelineType - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the draft timeline was successfully retrieved. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: + additionalProperties: false type: object properties: - message: - type: string - status_code: - type: number - description: >- - If a draft timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft timeline. - '409': + items: + items: + type: string + type: array + response: + deprecated: true + items: + type: string + type: array + required: + - items + '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: + error: + type: string message: type: string - status_code: + statusCode: type: number - description: >- - This should never happen, but if a draft timeline was not found and - we attempted to create one, it indicates that there is already a - draft timeline with the given timelineId. - summary: >- - Retrieves the draft timeline for the current user. If the user does not - have a draft timeline, an empty timeline is returned. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - post: - description: > - Retrieves a clean draft timeline. If a draft timeline does not exist, it - is created and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - required: true + - Elastic Package Manager (EPM) + /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: + get: + description: Get inputs template + operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + default: json + enum: + - json + - yml + - yaml + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: ignoreUnverified + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '403': + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + inputs: + items: + additionalProperties: false + type: object + properties: + id: + type: string + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + required: + - id + - type + type: array + required: + - inputs + '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: + error: + type: string message: type: string - status_code: + statusCode: type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft timeline. - '409': + required: + - message + summary: '' + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/verification_key_id: + get: + description: Get a package signature verification key ID + operationId: get-fleet-epm-verification-key-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - message: - type: string - status_code: + id: + nullable: true + type: string + required: + - id + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: type: number - description: >- - Indicates that there is already a draft timeline with the given - timelineId. - summary: Retrieves a draft timeline or timeline template. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_export: - post: - operationId: ExportTimelines + - Elastic Package Manager (EPM) + /api/fleet/fleet_server_hosts: + get: + description: List Fleet Server hosts + operationId: get-fleet-fleet-server-hosts parameters: - - description: The name of the file to export - in: query - name: file_name - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The ids of the timelines to export - required: true responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - description: NDJSON of the exported timelines - type: string - description: Indicates the timelines were successfully exported + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage '400': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: Indicates that the export size limit was exceeded - summary: Exports timelines as an NDJSON file + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_favorite: - patch: - operationId: PersistFavoriteRoute + - Fleet Server hosts + post: + description: Create Fleet Server host + operationId: post-fleet-fleet-server-hosts + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - templateTimelineId: - nullable: true + host_urls: + items: + type: string + minItems: 1 + type: array + id: type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + proxy_id: nullable: true + type: string required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) timeline. - required: true + - name + - host_urls responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: + item: + additionalProperties: false type: object properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string required: - - persistFavorite + - id + - name + - host_urls required: - - data - description: Indicates the favorite status was successfully updated. - '403': + - item + '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Persists a given users favorite status of a timeline. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_import: - post: - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: {} - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - file - description: The timelines to import as a readable stream. - required: true + - Fleet Server hosts + /api/fleet/fleet_server_hosts/{itemId}: + delete: + description: Delete Fleet Server host by ID + operationId: delete-fleet-fleet-server-hosts-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the import of timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + additionalProperties: false type: object properties: - body: - type: string id: type: string - statusCode: - type: number - description: >- - Indicates the import of timelines was unsuccessful because of an - invalid file extension. - '404': + required: + - id + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - id: + error: + type: string + message: type: string statusCode: type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': + required: + - message + summary: '' + tags: + - Fleet Server hosts + get: + description: Get Fleet Server host by ID + operationId: get-fleet-fleet-server-hosts-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of timelines was unsuccessful. - summary: Imports timelines. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_prepackaged: - post: - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet Server hosts + put: + description: Update Fleet Server host by ID + operationId: put-fleet-fleet-server-hosts-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false type: object properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: + host_urls: items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true + type: string + minItems: 1 type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The timelines to install or update. - required: true + - proxy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the installation of prepackaged timelines was successful. - '500': + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: >- - Indicates the installation of prepackaged timelines was - unsuccessful. - summary: Installs prepackaged timelines. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/resolve: - get: - operationId: ResolveTimeline + - Fleet Server hosts + /api/fleet/health_check: + post: + description: Check Fleet Server health + operationId: post-fleet-health-check parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: The ID of the timeline to resolve - in: query - name: id + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: + example: 'true' type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + required: + - id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline - required: - - data - - additionalProperties: false - type: object - description: The (template) timeline has been found + additionalProperties: false + type: object + properties: + host: + deprecated: true + type: string + host_id: + type: string + name: + type: string + status: + type: string + required: + - status '400': - description: The request is missing parameters + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message '404': - description: The (template) timeline was not found - summary: Get an existing saved timeline or timeline template. + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timelines: + - Fleet internals + /api/fleet/kubernetes: get: - operationId: GetTimelines + description: Get full K8s agent manifest + operationId: get-fleet-kubernetes parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite - schema: - enum: - - 'true' - - 'false' - nullable: true - type: string - - in: query - name: timeline_type - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - - in: query - name: sort_field - schema: - $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' - - in: query - name: sort_order + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - asc - - desc + - '2023-10-31' type: string - in: query - name: page_size + name: download + required: false schema: - nullable: true - type: string + type: boolean - in: query - name: page_index + name: fleetServer + required: false schema: - nullable: true type: string - in: query - name: search + name: enrolToken + required: false schema: - nullable: true type: string - - in: query - name: status - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - customTemplateTimelineCount: - type: number - defaultTimelineCount: - type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timeline: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - type: array - totalCount: - type: number + item: + type: string required: - - timeline - - totalCount - description: Indicates that the (template) timelines were found and returned. + - item '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: Bad request. The user supplied invalid data. - summary: >- - This API is used to retrieve a list of existing saved timelines or - timeline templates. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - '/s/{spaceId}/api/observability/slos': + - Elastic Agent policies + /api/fleet/kubernetes/download: get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp + operationId: get-fleet-kubernetes-download parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage + - in: query + name: download + required: false schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy + type: boolean + - in: query + name: fleetServer + required: false schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining type: string - - description: Sort order - example: asc - in: query - name: sortDirection + - in: query + name: enrolToken + required: false schema: - default: asc - enum: - - asc - - desc type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request + type: string '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - slo + - Elastic Agent policies + /api/fleet/logstash_api_keys: post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp + description: Generate Logstash API key + operationId: post-fleet-logstash-api-keys parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request + additionalProperties: false + type: object + properties: + api_key: + type: string + required: + - api_key '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - servers: - - url: 'https://localhost:5601' - summary: Create an SLO + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': + - Fleet outputs + /api/fleet/message_signing_service/rotate_key_pair: post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp + description: Rotate fleet message signing key pair + operationId: post-fleet-message-signing-service-rotate-key-pair parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: acknowledge + required: false + schema: + default: false + type: boolean responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - servers: - - url: 'https://localhost:5601' - summary: Batch delete rollup and summary data + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp + - Message Signing Service + /api/fleet/outputs: + get: + description: List outputs + operationId: get-fleet-outputs parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp + - Fleet outputs + post: + description: Create output + operationId: post-fleet-outputs parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO - tags: - - slo -components: - examples: - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: 'emit(doc[''shape_name''].value)' - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: 'emit(doc["foo"].value)' - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: '$0,0.00' - products.base_unit_price: - id: number - params: - pattern: '$0,0.00' - products.min_price: - id: number - params: - pattern: '$0,0.00' - products.price: - id: number - params: - pattern: '$0,0.00' - products.taxful_price: - id: number - params: - pattern: '$0,0.00' - products.taxless_price: - id: number - params: - pattern: '$0,0.00' - taxful_total_price: - id: number - params: - pattern: '$0,0.[00]' - taxless_total_price: - id: number - params: - pattern: '$0,0.00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: '$0,0.[00]' - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false + anyOf: + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: false + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: false + type: object + properties: + password: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: false + type: object + properties: + topic: + type: string + when: + additionalProperties: false + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}: + delete: + description: Delete output by ID + operationId: delete-fleet-outputs-outputid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: outputId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + get: + description: Get output by ID + operationId: get-fleet-outputs-outputid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: outputId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + put: + description: Update output by ID + operationId: put-fleet-outputs-outputid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: outputId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: false + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: false + type: object + properties: + password: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: false + type: object + properties: + topic: + type: string + when: + additionalProperties: false + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - compression_level + - connection_type + - username + - password + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}/health: + get: + description: Get latest output health + operationId: get-fleet-outputs-outputid-health + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: outputId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + required: + - state + - message + - timestamp + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + /api/fleet/package_policies: + get: + description: List package policies + operationId: get-fleet-package-policies + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page + required: false + schema: type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: 'emit(doc["bar"].value)' - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Serverless_saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Serverless_saved_objects_import_objects_request: - value: - file: file.ndjson - Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - parameters: - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Fleet_format: - description: Simplified or legacy format for package inputs - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - Fleet_kbn_xsrf: - description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. - in: header - name: kbn-xsrf - required: true - schema: - type: string - Fleet_kuery: - in: query - name: kuery - required: false - schema: - type: string - Fleet_page_index: - in: query - name: page - required: false - schema: - default: 1 - type: integer - Fleet_page_size: - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - type: integer - Fleet_show_inactive: - in: query - name: showInactive - required: false - schema: - type: boolean - Fleet_show_upgradeable: - in: query - name: showUpgradeable - required: false - schema: - type: boolean - Fleet_sort_field: - in: query - name: sortField - required: false - schema: - deprecated: true - type: string - Fleet_sort_order: - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - Fleet_with_metrics: - description: 'Return agent metrics, false by default' - in: query - name: withMetrics - required: false - schema: - type: boolean - Machine_learning_APIs_simulateParam: + - in: query + name: perPage + required: false + schema: + type: number + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - desc + - asc + type: string + - in: query + name: showUpgradeable + required: false + schema: + type: boolean + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + - in: query + name: withAgentCount + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration + documentation to know what streams are + available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine + procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + post: + description: Create package policy + operationId: post-fleet-package-policies + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + description: >- + Force package policy creation even if package is not + verified, or if the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + required: + - type + - enabled + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the + agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation for more + information) + type: object + required: + - name + - inputs + - additionalProperties: false + type: object + properties: + description: + type: string + force: + type: boolean + id: + type: string + inputs: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default to + true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Input streams (see integration documentation to + know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration documentation to + know what inputs are available) + type: object + name: + type: string + namespace: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + nullable: true + type: string + policy_ids: + items: + type: string + type: array + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + required: + - name + - package + description: >- + You should use inputs as an object and not use the deprecated + inputs array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration documentation + to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/_bulk_get: + post: + description: Bulk get package policies + operationId: post-fleet-package-policies-bulk-get + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration + documentation to know what streams are + available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine + procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required: + - items + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/{packagePolicyId}: + delete: + description: Delete package policy by ID + operationId: delete-fleet-package-policies-packagepolicyid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: force + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + get: + description: Get package policy by ID + operationId: get-fleet-package-policies-packagepolicyid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration documentation + to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet package policies + put: + description: Update package policy by ID + operationId: put-fleet-package-policies-packagepolicyid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + type: boolean + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + required: + - type + - enabled + type: array + is_managed: + type: boolean + name: + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the + agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation for more + information) + type: object + version: + type: string + - additionalProperties: false + type: object + properties: + description: + type: string + force: + type: boolean + id: + type: string + inputs: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default to + true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Input streams (see integration documentation to + know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration documentation to + know what inputs are available) + type: object + name: + type: string + namespace: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + nullable: true + type: string + policy_ids: + items: + type: string + type: array + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + required: + - name + - package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration documentation + to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/delete: + post: + description: Bulk delete package policies + operationId: post-fleet-package-policies-delete + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + additionalProperties: false + type: object + properties: + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + id: + type: string + name: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Use `policy_ids` instead + nullable: true + type: string + policy_ids: + items: + type: string + type: array + statusCode: + type: number + success: + type: boolean + required: + - id + - success + - policy_ids + - package + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade: + post: + description: Upgrade package policy to a newer package version + operationId: post-fleet-package-policies-upgrade + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + additionalProperties: false + type: object + properties: + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + id: + type: string + name: + type: string + statusCode: + type: number + success: + type: boolean + required: + - id + - success + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + description: Dry run package policy upgrade + operationId: post-fleet-package-policies-upgrade-dryrun + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + additionalProperties: false + type: object + properties: + agent_diff: + items: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + required: + - package + name: + type: string + package_policy_id: + type: string + processors: + items: + additionalProperties: true + type: object + properties: + add_fields: + additionalProperties: true + type: object + properties: + fields: + additionalProperties: + anyOf: + - type: string + - type: number + type: object + target: + type: string + required: + - target + - fields + required: + - add_fields + type: array + revision: + type: number + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + type: array + type: array + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + diff: + items: + anyOf: + - additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default + to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration + documentation to know what streams are + available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are + available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should be + used only in unusual circumstances and not as + a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will + be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - revision + - updated_at + - updated_by + - created_at + - created_by + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + errors: + items: + additionalProperties: false + type: object + properties: + key: + type: string + message: + type: string + required: + - message + type: array + force: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + type: array + is_managed: + type: boolean + missingVars: + items: + type: string + type: array + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should be + used only in unusual circumstances and not as + a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will + be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - name + - enabled + - inputs + type: array + hasErrors: + type: boolean + name: + type: string + statusCode: + type: number + required: + - hasErrors + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/proxies: + get: + description: List proxies + operationId: get-fleet-proxies + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + post: + description: Create proxy + operationId: post-fleet-proxies + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - url + - name + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + /api/fleet/proxies/{itemId}: + delete: + description: Delete proxy by ID + operationId: delete-fleet-proxies-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + get: + description: Get proxy by ID + operationId: get-fleet-proxies-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + put: + description: Update proxy by ID + operationId: put-fleet-proxies-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - proxy_headers + - certificate_authorities + - certificate + - certificate_key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + description: Create a service token + operationId: post-fleet-service-tokens + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + remote: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + name: + type: string + value: + type: string + required: + - name + - value + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet service tokens + /api/fleet/service-tokens: + post: + description: Create a service token + operationId: post-fleet-service-tokens-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: {} + summary: '' + tags: [] + /api/fleet/settings: + get: + description: Get settings + operationId: get-fleet-settings + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + fleet_server_hosts: + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + required: + - id + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet internals + put: + description: Update settings + operationId: put-fleet-settings + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + additional_yaml_config: + type: string + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + fleet_server_hosts: + items: + format: uri + type: string + type: array + has_seen_add_data_notice: + type: boolean + kibana_ca_sha256: + type: string + kibana_urls: + items: + format: uri + type: string + type: array + prerelease_integrations_enabled: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + fleet_server_hosts: + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + required: + - id + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/setup: + post: + description: Initiate Fleet setup + operationId: post-fleet-setup + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: >- + A summary of the result of Fleet's `setup` lifecycle. If + `isInitialized` is true, Fleet is ready to accept agent + enrollment. `nonFatalErrors` may include useful insight into + non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Internal Server Error + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/uninstall_tokens: + get: + description: List metadata for latest uninstall tokens per agent policy + operationId: get-fleet-uninstall-tokens + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + maxLength: 50 + type: string + - in: query + name: search + required: false + schema: + maxLength: 50 + type: string + - description: The number of items to return + in: query + name: perPage + required: false + schema: + minimum: 5 + type: number + - in: query + name: page + required: false + schema: + minimum: 1 + type: number + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet uninstall tokens + /api/fleet/uninstall_tokens/{uninstallTokenId}: + get: + description: Get one decrypted uninstall token by its ID + operationId: get-fleet-uninstall-tokens-uninstalltokenid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + token: + type: string + required: + - id + - policy_id + - created_at + - token + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet uninstall tokens + /api/lists: + delete: + description: | + Delete a list using the list ID. + > info + > When you delete a list, all of its list items are also deleted. + operationId: DeleteList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - in: query + name: deleteReferences + required: false + schema: + default: false + type: boolean + - in: query + name: ignoreReferences + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list + tags: + - Security Lists API + get: + description: Get the details of a list using the list ID. + operationId: ReadList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list details + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list using the list ID. + operationId: PatchList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list + tags: + - Security Lists API + post: + description: Create a new list. + operationId: CreateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer + required: + - name + - description + - type + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list + tags: + - Security Lists API + put: + description: > + Update a list using the list ID. The original list is replaced, and all + unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + - name + - description + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list + tags: + - Security Lists API + /api/lists/_find: + get: + description: >- + Get a paginated subset of lists. By default, the first page is returned, + with 20 results per page. + operationId: FindLists + parameters: + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of lists to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_List' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get lists + tags: + - Security Lists API + /api/lists/index: + delete: + description: Delete the `.lists` and `.items` data streams. + operationId: DeleteListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete list data streams + tags: + - Security Lists API + get: + description: Verify that `.lists` and `.items` data streams exist. + operationId: ReadListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + list_index: + type: boolean + list_item_index: + type: boolean + required: + - list_index + - list_item_index + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream(s) not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get status of list data streams + tags: + - Security Lists API + post: + description: Create `.lists` and `.items` data streams in the relevant space. + operationId: CreateListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create list data streams + tags: + - Security Lists API + /api/lists/items: + delete: + description: Delete a list item using its `id`, or its `list_id` and `value` fields. + operationId: DeleteListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + default: 'false' + enum: + - 'true' + - 'false' + - wait_for + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list item + tags: + - Security Lists API + get: + description: Get the details of a list item. + operationId: ReadListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get a list item + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list item using the list item ID. + operationId: PatchListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list item + tags: + - Security Lists API + post: + description: > + Create a list item and associate it with the specified list. + + + All list items in the same list must be the same type. For example, each + list item in an `ip` list must define a specific IP address. + + > info + + > Before creating a list item, you must create a list. + operationId: CreateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - list_id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list item + tags: + - Security Lists API + put: + description: > + Update a list item using the list item ID. The original list item is + replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list item + tags: + - Security Lists API + /api/lists/items/_export: + post: + description: Export list item values from the specified list. + operationId: ExportListItems + parameters: + - description: List's id to export + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: A `.txt` file containing list items from the specified list + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Export list items + tags: + - Security Lists API + /api/lists/items/_find: + get: + description: Get all list items in the specified list. + operationId: FindListItems + parameters: + - description: List's id + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of list items to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: >- + #/components/schemas/Security_Lists_API_FindListItemsCursor + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list items + tags: + - Security Lists API + /api/lists/items/_import: + post: + description: > + Import list items from a TXT or CSV file. The maximum file size is 9 + million bytes. + + + You can import items to a new or existing list. + operationId: ImportListItems + parameters: + - description: | + List's id. + + Required when importing to an existing list. + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: > + Type of the importing list. + + + Required when importing a new list that is `list_id` is not + specified. + in: query + name: type + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListType' + - in: query + name: serializer + required: false + schema: + type: string + - in: query + name: deserializer + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + enum: + - 'true' + - 'false' + - wait_for + type: string + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: >- + A `.txt` or `.csv` file containing newline separated list + items + format: binary + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List with specified list_id does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Import list items + tags: + - Security Lists API + /api/lists/privileges: + get: + operationId: ReadListPrivileges + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + required: + - lists + - listItems + - is_authenticated + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list privileges + tags: + - Security Lists API + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models. This API runs automatically when you start Kibana and + periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync machine learning saved objects + tags: + - ml + /api/note: + delete: + description: Delete a note from a Timeline using the note ID. + operationId: DeleteNote + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + - nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + description: The ID of the note to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + description: Indicates the note was successfully deleted. + summary: Delete a note + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get all notes for a given document. + operationId: GetNotes + parameters: + - in: query + name: documentIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' + - in: query + name: savedObjectIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + - in: query + name: page + schema: + nullable: true + type: string + - in: query + name: perPage + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: sortField + schema: + nullable: true + type: string + - in: query + name: sortOrder + schema: + nullable: true + type: string + - in: query + name: filter + schema: + nullable: true + type: string + - in: query + name: createdByFilter + schema: + nullable: true + type: string + - in: query + name: associatedFilter + schema: + $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object + description: Indicates the requested notes were returned. + summary: Get notes + tags: + - Security Timeline API + - access:securitySolution + patch: + description: Add a note to a Timeline or update an existing note. + operationId: PersistNoteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventDataView: + nullable: true + type: string + eventIngested: + nullable: true + type: string + eventTimestamp: + nullable: true + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + noteId: + nullable: true + type: string + overrideOwner: + nullable: true + type: boolean + version: + nullable: true + type: string + required: + - note + description: The note to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistNote: + $ref: >- + #/components/schemas/Security_Timeline_API_ResponseNote + required: + - persistNote + required: + - data + description: Indicates the note was successfully created. + summary: Add or update a note + tags: + - Security Timeline API + - access:securitySolution + /api/osquery/live_queries: + get: + description: Get a list of all live queries. + operationId: OsqueryFindLiveQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live queries + tags: + - Security Osquery API + post: + description: Create and run a live query. + operationId: OsqueryCreateLiveQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a live query + tags: + - Security Osquery API + /api/osquery/live_queries/{id}: + get: + description: Get the details of a live query using the query ID. + operationId: OsqueryGetLiveQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + schema: + additionalProperties: true + type: object + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query details + tags: + - Security Osquery API + /api/osquery/live_queries/{id}/results/{actionId}: + get: + description: Get the results of a live query using the query action ID. + operationId: OsqueryGetLiveQueryResults + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: path + name: actionId + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query results + tags: + - Security Osquery API + /api/osquery/packs: + get: + description: Get a list of all query packs. + operationId: OsqueryFindPacks + parameters: + - in: query + name: query + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get packs + tags: + - Security Osquery API + post: + description: Create a query pack. + operationId: OsqueryCreatePacks + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a pack + tags: + - Security Osquery API + /api/osquery/packs/{id}: + delete: + description: Delete a query pack using the pack ID. + operationId: OsqueryDeletePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a pack + tags: + - Security Osquery API + get: + description: Get the details of a query pack using the pack ID. + operationId: OsqueryGetPacksDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get pack details + tags: + - Security Osquery API + put: + description: | + Update a query pack using the pack ID. + > info + > You cannot update a prebuilt pack. + operationId: OsqueryUpdatePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a pack + tags: + - Security Osquery API + /api/osquery/saved_queries: + get: + description: Get a list of all saved queries. + operationId: OsqueryFindSavedQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved queries + tags: + - Security Osquery API + post: + description: Create and run a saved query. + operationId: OsqueryCreateSavedQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a saved query + tags: + - Security Osquery API + /api/osquery/saved_queries/{id}: + delete: + description: Delete a saved query using the query ID. + operationId: OsqueryDeleteSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a saved query + tags: + - Security Osquery API + get: + description: Get the details of a saved query using the query ID. + operationId: OsqueryGetSavedQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved query details + tags: + - Security Osquery API + put: + description: | + Update a saved query using the query ID. + > info + > You cannot update a prebuilt saved query. + operationId: OsqueryUpdateSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a saved query + tags: + - Security Osquery API + /api/pinned_event: + patch: + description: Pin an event to an existing Timeline. + operationId: PersistPinnedEventRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventId: + type: string + pinnedEventId: + nullable: true + type: string + timelineId: + type: string + required: + - eventId + - timelineId + description: The pinned event to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistPinnedEventOnTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + required: + - persistPinnedEventOnTimeline + required: + - data + description: Indicates the event was successfully pinned to the Timeline. + summary: Pin an event + tags: + - Security Timeline API + - access:securitySolution + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cleanup_successful: + type: boolean + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + description: Unexpected error + summary: Cleanup the Risk Engine + tags: + - Security Entity Analytics API + /api/risk_score/engine/schedule_now: + post: + description: >- + Schedule the risk scoring engine to run as soon as possible. You can use + this to recalculate entity risk scores after updating their asset + criticality. + operationId: ScheduleRiskEngineNow + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: {} + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + description: Unexpected error + summary: Run the risk scoring engine + tags: + - Security Entity Analytics API + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_request + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_response + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_request + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_response + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/security_ai_assistant/anonymization_fields/_bulk_action: + post: + description: >- + Apply a bulk action to multiple anonymization fields. The bulk action is + applied to all anonymization fields that match the filter or to the list + of anonymization fields by their IDs. + operationId: PerformAnonymizationFieldsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of anonymization fields IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter anonymization fields + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to anonymization fields + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/anonymization_fields/_find: + get: + description: Get a list of all anonymization fields. + operationId: FindAnonymizationFields + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: AnonymizationFields per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get anonymization fields + tags: + - Security AI Assistant API + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: + post: + description: Create a model response for the given chat conversation. + operationId: ChatComplete + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' + required: true + responses: + '200': + content: + application/octet-stream; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a model response + tags: + - Security AI Assistant API + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: + post: + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: + get: + description: Get a list of all conversations for the current user. + operationId: FindConversations + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Conversations per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get conversations + tags: + - Security AI Assistant API + - Conversations API + /api/security_ai_assistant/current_user/conversations/{id}: + delete: + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Delete a conversation + tags: + - Security AI Assistant API + - Conversation API + get: + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation + tags: + - Security AI Assistant API + - Conversations API + put: + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: + get: + description: Get a list of all prompts. + operationId: FindPrompts + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts + tags: + - Security AI Assistant API + - Prompts API + /api/security/role: + get: + operationId: get-security-role + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query + name: replaceDeprecatedPrivileges + required: false + schema: + type: boolean + responses: + '200': + description: Indicates a successful call. + summary: Get all roles + tags: + - roles + /api/security/role/{name}: + delete: + operationId: delete-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: name + required: true + schema: + minLength: 1 + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a role + tags: + - roles + get: + operationId: get-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The role name. + in: path + name: name + required: true + schema: + minLength: 1 + type: string + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query + name: replaceDeprecatedPrivileges + required: false + schema: + type: boolean + responses: + '200': + description: Indicates a successful call. + summary: Get a role + tags: + - roles + put: + description: >- + Create a new Kibana role or update the attributes of an existing role. + Kibana roles are stored in the Elasticsearch native realm. + operationId: put-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The role name. + in: path + name: name + required: true + schema: + maxLength: 1024 + minLength: 1 + type: string + - description: When true, a role is not overwritten if it already exists. + in: query + name: createOnly + required: false + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. + type: string + type: array + indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + covers the restricted indices too. + type: boolean + field_security: + additionalProperties: + items: + description: >- + The document fields that the role members have + read access to. + type: string + type: array + type: object + names: + items: + description: >- + The data streams, indices, and aliases to which + the permissions in this entry apply. It supports + wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that the role members + have for the data streams and indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The cluster level privileges for the remote + cluster. The allowed values are a subset of the + cluster privileges. + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + will cover the restricted indices too. + type: boolean + clusters: + items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + description: >- + The document fields that the role members have + read access to. + type: string + type: array + type: object + names: + items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that role members + have for the specified indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + description: >- + A base privilege that grants applies to all + spaces. + type: string + type: array + - items: + description: >- + A base privilege that applies to specific + spaces. + type: string + type: array + feature: + additionalProperties: + items: + description: >- + The privileges that the role member has for the + feature. + type: string + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + description: A space that the privilege applies to. + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + responses: + '204': + description: Indicates a successful call. + summary: Create or update a role + tags: + - roles + /api/security/roles: + post: + operationId: post-security-roles + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + roles: + additionalProperties: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. + type: string + type: array + indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field covers the restricted + indices too. + type: boolean + field_security: + additionalProperties: + items: + description: >- + The document fields that the role + members have read access to. + type: string + type: array + type: object + names: + items: + description: >- + The data streams, indices, and aliases to + which the permissions in this entry apply. + It supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that the role + members have for the data streams and + indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role members. + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The cluster level privileges for the + remote cluster. The allowed values are a + subset of the cluster privileges. + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field will cover the restricted + indices too. + type: boolean + clusters: + items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + description: >- + The document fields that the role + members have read access to. + type: string + type: array + type: object + names: + items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that role + members have for the specified indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role + members. + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: + description: >- + A user name that the role member can + impersonate. + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + description: >- + A base privilege that grants applies to + all spaces. + type: string + type: array + - items: + description: >- + A base privilege that applies to specific + spaces. + type: string + type: array + feature: + additionalProperties: + items: + description: >- + The privileges that the role member has for + the feature. + type: string + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + description: A space that the privilege applies to. + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + type: object + required: + - roles + responses: + '200': + description: Indicates a successful call. + summary: Create or update roles + tags: + - roles + /api/spaces/space: + get: + operationId: get-spaces-space + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: >- + Specifies which authorization checks are applied to the API call. + The default value is `any`. + in: query + name: purpose + required: false + schema: + enum: + - any + - copySavedObjectsIntoSpace + - shareSavedObjectsIntoSpace + type: string + - description: >- + When enabled, the API returns any spaces that the user is authorized + to access in any capacity and each space will contain the purposes + for which the user is authorized. This can be useful to determine + which spaces a user can read but not take a specific action in. If + the security plugin is not enabled, this parameter has no effect, + since no authorization checks take place. This parameter cannot be + used in with the `purpose` parameter. + in: query + name: include_authorized_purposes + required: true + schema: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - false + type: boolean + x-oas-optional: true + - type: boolean + x-oas-optional: true + responses: + '200': + description: Indicates a successful call. + summary: Get all spaces + tags: + - spaces + post: + operationId: post-spaces-space + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: >- + The hexadecimal color code used in the space avatar. By + default, the color is automatically generated from the space + name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + type: array + id: + description: >- + The space ID that is part of the Kibana URL when inside the + space. Space IDs are limited to lowercase alphanumeric, + underscore, and hyphen characters (a-z, 0-9, _, and -). You + are cannot change the ID with the update operation. + type: string + imageUrl: + description: >- + The data-URL encoded image to display in the space avatar. + If specified, initials will not be displayed and the color + will be visible as the background color for transparent + images. For best results, your image should be 64x64. Images + will not be optimized by this API call, so care should be + taken when using custom images. + type: string + initials: + description: >- + One or two characters that are shown in the space avatar. By + default, the initials are automatically generated from the + space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + required: + - id + - name + responses: + '200': + description: Indicates a successful call. + summary: Create a space + tags: + - spaces + /api/spaces/space/{id}: + delete: + description: >- + When you delete a space, all saved objects that belong to the space are + automatically deleted, which is permanent and cannot be undone. + operationId: delete-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The space identifier. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + '404': + description: Indicates that the request failed. + summary: Delete a space + tags: + - spaces + get: + operationId: get-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The space identifier. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + description: Indicates a successful call. + summary: Get a space + tags: + - spaces + put: + operationId: put-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: >- + The space identifier. You are unable to change the ID with the + update operation. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: >- + The hexadecimal color code used in the space avatar. By + default, the color is automatically generated from the space + name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + type: array + id: + description: >- + The space ID that is part of the Kibana URL when inside the + space. Space IDs are limited to lowercase alphanumeric, + underscore, and hyphen characters (a-z, 0-9, _, and -). You + are cannot change the ID with the update operation. + type: string + imageUrl: + description: >- + The data-URL encoded image to display in the space avatar. + If specified, initials will not be displayed and the color + will be visible as the background color for transparent + images. For best results, your image should be 64x64. Images + will not be optimized by this API call, so care should be + taken when using custom images. + type: string + initials: + description: >- + One or two characters that are shown in the space avatar. By + default, the initials are automatically generated from the + space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + required: + - id + - name + responses: + '200': + description: Indicates a successful call. + summary: Update a space + tags: + - spaces + /api/status: + get: + operationId: get-status + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /api/timeline: + delete: + description: Delete one or more Timelines or Timeline templates. + operationId: DeleteTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + savedObjectIds: + items: + type: string + type: array + searchIds: + description: >- + Saved search ids that should be deleted alongside the + timelines + items: + type: string + type: array + required: + - savedObjectIds + description: The IDs of the Timelines or Timeline templates to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + deleteTimeline: + type: boolean + required: + - deleteTimeline + required: + - data + description: Indicates the Timeline was successfully deleted. + summary: Delete Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get the details of an existing saved Timeline or Timeline template. + operationId: GetTimeline + parameters: + - description: The ID of the template timeline to retrieve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the Timeline to retrieve. + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + type: object + properties: + getOneTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + required: + - getOneTimeline + required: + - data + - additionalProperties: false + type: object + description: Indicates that the (template) Timeline was found and returned. + summary: Get Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + patch: description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Serverless_saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: + Update an existing Timeline. You can update the title, description, date + range, pinned events, pinned queries, and/or pinned saved queries of an + existing Timeline. + operationId: PatchTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - timelineId + - version + - timeline + description: The Timeline updates, along with the Timeline ID and version. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates that the user does not have the required access to create + a draft Timeline. + summary: Update a Timeline + tags: + - Security Timeline API + - access:securitySolution + post: + description: Create a new Timeline or Timeline template. + operationId: CreateTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true + type: string + required: + - timeline + description: >- + The required Timeline fields used to create a new Timeline, along with + optional fields that will be created if not provided. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates the Timeline was successfully created. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that there was an error in the Timeline creation. + summary: Create a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_copy: + get: + description: | + Copies and returns a timeline or timeline template. + operationId: CopyTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the timeline has been successfully copied. + summary: Copies timeline or timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_draft: + get: description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Fleet_error: - content: - application/json; Elastic-Api-Version=2023-10-31: + Get the details of the draft Timeline or Timeline template for the + current user. If the user doesn't have a draft Timeline, an empty + Timeline is returned. + operationId: GetDraftTimelines + parameters: + - in: query + name: timelineType + required: true + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the draft Timeline was successfully retrieved. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + If a draft Timeline was not found and we attempted to create one, it + indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + This should never happen, but if a draft Timeline was not found and + we attempted to create one, it indicates that there is already a + draft Timeline with the given `timelineId`. + summary: Get draft Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + post: + description: > + Create a clean draft Timeline or Timeline template for the current user. + + > info + + > If the user already has a draft Timeline, the existing draft Timeline + is cleared and returned. + operationId: CleanDraftTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + required: + - timelineType + description: >- + The type of Timeline to create. Valid values are `default` and + `template`. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that there is already a draft Timeline with the given + `timelineId`. + summary: Create a clean draft Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_export: + post: + description: Export Timelines as an NDJSON file. + operationId: ExportTimelines + parameters: + - description: The name of the file to export + in: query + name: file_name + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + description: The IDs of the Timelines to export. + required: true + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: NDJSON of the exported Timelines + type: string + description: Indicates the Timelines were successfully exported. + '400': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that the export size limit was exceeded. + summary: Export Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_favorite: + patch: + description: Favorite a Timeline or Timeline template for the current user. + operationId: PersistFavoriteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + description: The required fields used to favorite a (template) Timeline. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistFavorite: + $ref: >- + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + required: + - persistFavorite + required: + - data + description: Indicates the favorite status was successfully updated. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the user does not have the required permissions to persist + the favorite status. + summary: Favorite a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_import: + post: + description: Import Timelines. + operationId: ImportTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: {} + isImmutable: + enum: + - 'true' + - 'false' + type: string + required: + - file + description: The Timelines to import as a readable stream. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the import of Timelines was successful. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: >- + Indicates the import of Timelines was unsuccessful because of an + invalid file extension. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + statusCode: + type: number + description: >- + Indicates that we were unable to locate the saved object client + necessary to handle the import. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: Indicates the import of Timelines was unsuccessful. + summary: Import Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_prepackaged: + post: + description: Install or update prepackaged Timelines. + operationId: InstallPrepackedTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + prepackagedTimelines: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + description: The Timelines to install or update. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the installation of prepackaged Timelines was successful. + '500': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the installation of prepackaged Timelines was + unsuccessful. + summary: Install prepackaged Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/resolve: + get: + operationId: ResolveTimeline + parameters: + - description: The ID of the template timeline to resolve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the timeline to resolve + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + $ref: >- + #/components/schemas/Security_Timeline_API_ResolvedTimeline + required: + - data + - additionalProperties: false + type: object + description: The (template) Timeline has been found + '400': + description: The request is missing parameters + '404': + description: The (template) Timeline was not found + summary: Get an existing saved Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timelines: + get: + description: Get a list of all saved Timelines or Timeline templates. + operationId: GetTimelines + parameters: + - description: >- + If true, only timelines that are marked as favorites by the user are + returned. + in: query + name: only_user_favorite + schema: + enum: + - 'true' + - 'false' + nullable: true + type: string + - in: query + name: timeline_type + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + - in: query + name: sort_field + schema: + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' + - in: query + name: sort_order + schema: + enum: + - asc + - desc + type: string + - in: query + name: page_size + schema: + nullable: true + type: string + - in: query + name: page_index + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: status + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + customTemplateTimelineCount: + type: number + defaultTimelineCount: + type: number + elasticTemplateTimelineCount: + type: number + favoriteCount: + type: number + templateTimelineCount: + type: number + timeline: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + type: array + totalCount: + type: number + required: + - timeline + - totalCount + description: Indicates that the (template) Timelines were found and returned. + '400': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Bad request. The user supplied invalid data. + summary: Get Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + /s/{spaceId}/api/observability/slos: + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: The page to use for pagination, must be greater or equal than 1 + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + servers: + - url: https://localhost:5601 + summary: Create an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/_delete_instances: + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + servers: + - url: https://localhost:5601 + summary: Batch delete rollup and summary data + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}: + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - schemas: - Data_views_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: - type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/_reset: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/disable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/enable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO + tags: + - slo +components: + examples: + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. + value: data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: emit(doc['shape_name'].value) + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: emit(doc["foo"].value) + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: $0,0.00 + products.base_unit_price: + id: number + params: + pattern: $0,0.00 + products.min_price: + id: number + params: + pattern: $0,0.00 + products.price: + id: number + params: + pattern: $0,0.00 + products.taxful_price: + id: number + params: + pattern: $0,0.00 + products.taxless_price: + id: number + params: + pattern: $0,0.00 + taxful_total_price: + id: number + params: + pattern: $0,0.[00] + taxless_total_price: + id: number + params: + pattern: $0,0.00 + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: The data view name. + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. - type: object - properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: - type: object - properties: - source: - description: Script for the runtime field. + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - description: Mapping type of the runtime field. - type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - type: string - toId: - description: New saved object reference value to replace the old value. - type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: 'The timestamp field name, which you use for time-based data views.' - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: 'When set to `rollup`, identifies the rollup data views.' - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean - required: - - data_view - Fleet_agent: - title: Agent - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - components: - items: - $ref: '#/components/schemas/Fleet_agent_component' - type: array - default_api_key: - type: string - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - local_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' - metrics: - type: object - properties: - cpu_avg: - description: >- - Average agent CPU usage during the last 5 minutes, number - between 0-1 - type: number - memory_size_byte_avg: - description: Average agent memory consumption during the last 5 minutes - type: number - policy_id: - type: string - policy_revision: - type: number - status: - $ref: '#/components/schemas/Fleet_agent_status' - type: - $ref: '#/components/schemas/Fleet_agent_type' - unenrolled_at: - type: string - unenrollment_started_at: - type: string - user_provided_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' - required: - - type - - active - - enrolled_at - - id - - status - Fleet_agent_action: - oneOf: - - properties: - ack_data: + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name type: string - data: + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - - properties: - data: - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - type: + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - title: Agent action - Fleet_agent_component: - title: Agent component - type: object - properties: - id: - type: string - message: - type: string - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - type: string - units: - items: - $ref: '#/components/schemas/Fleet_agent_component_unit' - type: array - Fleet_agent_component_status: - enum: - - starting - - configuring - - healthy - - degraded - - failed - - stopping - - stopped - title: Agent component status - type: string - Fleet_agent_component_unit: - title: Agent component unit - type: object - properties: - id: - type: string - message: - type: string - payload: - type: object - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - $ref: '#/components/schemas/Fleet_agent_component_unit_type' - Fleet_agent_component_unit_type: - enum: - - input - - output - title: Agent component unit type - type: string - Fleet_agent_diagnostics: - title: Agent diagnostics - type: object - properties: - actionId: - type: string - createTime: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - IN_PROGRESS - required: - - id - - name - - createTime - - filePath - - actionId - - status - Fleet_agent_get_by_actions: - items: - items: - type: string - type: array - title: Agents get by action ids - type: array - Fleet_agent_metadata: - title: Agent metadata - type: object - Fleet_agent_policy: - title: Agent Policy - type: object - properties: - advanced_settings: - description: >- - Advanced settings stored in the agent policy, e.g. - agent_limits_go_max_procs - nullable: true - type: object - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - id: - type: string - inactivity_timeout: - type: integer - is_protected: - description: >- - Indicates whether the agent policy has tamper protection enabled. - Default false. - type: boolean - keep_monitoring_alive: - description: >- - When set to true, monitoring will be enabled but logs/metrics - collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - type: object - properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_http: - type: object - properties: - enabled: - type: boolean - host: + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name + type: string + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - port: + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - type: string - namespace: - type: string - overrides: - description: >- - Override settings that are defined in the agent policy. Input - settings cannot be overridden. The override option should be used - only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - description: >- - This field is present only when retrieving a single agent policy, or - when retrieving a list of agent policies with the ?full=true - parameter - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - revision: - type: number - supports_agentless: - description: >- - Indicates whether the agent policy supports agentless integrations. - Only allowed in a serverless environment. - type: boolean - unenroll_timeout: - type: integer - unprivileged_agents: - type: number - updated_by: - type: string - updated_on: - format: date-time - type: string - required: - - id - - status - - name - - namespace - Fleet_agent_policy_create_request: - title: Create agent policy request - type: object - properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - id: - type: string - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_output_id: - nullable: true - type: string - name: - type: string - namespace: - type: string - unenroll_timeout: - type: integer - required: - - name - - namespace - Fleet_agent_policy_full: - oneOf: - - type: object - properties: - item: + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_full_agent_policy' - title: Agent policy full response - type: object - Fleet_agent_policy_update_request: - title: Update agent policy request - type: object - properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_output_id: - nullable: true - type: string - name: - type: string - namespace: - type: string - unenroll_timeout: - type: integer - required: - - name - - namespace - Fleet_agent_status: - enum: - - offline - - error - - online - - inactive - - warning - title: Elastic Agent status - type: string - Fleet_agent_type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - title: Agent type - type: string - Fleet_bulk_install_packages_response: - title: Bulk install packages response - type: object - properties: - items: - items: - type: object - properties: - name: - type: string - version: - type: string - type: array - response: - deprecated: true - items: - type: object - properties: - name: - type: string - version: - type: string - type: array - required: - - items - Fleet_bulk_upgrade_agents: - title: Bulk upgrade agents - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: 'Force upgrade, skipping validation (should be used with caution)' - type: boolean - rollout_duration_seconds: - description: rolling upgrade window duration in seconds - type: number - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: - description: alternative upgrade binary download url - type: string - start_time: - description: start time of upgrade in ISO 8601 format - type: string - version: - description: version to upgrade to - type: string - required: - - agents - - version - Fleet_data_stream: - title: Data stream - type: object - properties: - dashboard: - items: - type: object - properties: - id: - type: string - title: - type: string - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - size_in_bytes: - type: number - size_in_bytes_formatted: - type: string - type: - type: string - Fleet_download_sources: - title: Download Source - type: object - properties: - host: - type: string - id: - type: string - is_default: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the proxies - API for more information. - nullable: true - type: string - required: - - is_default - - name - - host - Fleet_elasticsearch_asset_type: - enum: - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - title: Elasticsearch asset type - type: string - Fleet_enrollment_api_key: - title: Enrollment API key - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and cannot be used for - enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - Fleet_fleet_server_host: - title: Fleet Server Host - type: object - properties: - host_urls: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - type: string - required: - - fleet_server_hosts - - id - - is_default - - is_preconfigured - - host_urls - Fleet_fleet_settings_response: - title: Fleet settings response - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_settings' - required: - - item - Fleet_fleet_setup_response: - title: Fleet Setup response - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - Fleet_fleet_status_response: - title: Fleet status response - type: object - properties: - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features - Fleet_full_agent_policy: - title: Full agent policy - type: object - properties: - agent: - nullable: true - type: string - fleet: - oneOf: - - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - - type: object - properties: - kibana: - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - id: - type: string - inputs: - type: string - monitoring: - type: object - properties: - diagnostics: - type: object - properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - enabled: - type: boolean - http: - type: object - properties: - enabled: - type: boolean - host: - type: string - port: - type: number - required: - - enabled - logs: - type: boolean - metrics: - type: boolean - namespace: + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - pprof: - type: object - properties: - enabled: - type: boolean - required: - - enabled - traces: - type: boolean - use_output: + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer type: string - required: - - enabled - - metrics - - logs - - traces - output_permissions: - additionalProperties: - type: object - properties: - data: - $ref: >- - #/components/schemas/Fleet_full_agent_policy_output_permissions - output: - type: integer - type: object - outputs: - additionalProperties: - $ref: '#/components/schemas/Fleet_full_agent_policy_output' - type: object - revision: - type: number - secret_references: - items: - type: object - properties: - id: - type: string - type: array - required: - - id - - outputs - - inputs - Fleet_full_agent_policy_input: - allOf: - - additionalProperties: true - type: object - properties: - data_stream: - type: object - properties: - namespace: - type: string - required: - - namespace - id: + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - meta: - additionalProperties: true - type: object - properties: - package: - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - revision: - type: number - streams: - $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' - type: + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id type: string - use_output: + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - title: Full agent policy input - Fleet_full_agent_policy_input_stream: - allOf: - - additionalProperties: true - type: object - properties: - data_stream: - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - - type - id: + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category type: string - required: - - id - - data_stream - title: Full agent policy input stream - Fleet_full_agent_policy_output: - title: Full agent policy - type: object - properties: - additionalProperties: - type: object - properties: - text: {} - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - type: {} - required: - - type - - hosts - - ca_sha256 - Fleet_full_agent_policy_output_permissions: - additionalProperties: - type: object - properties: - data: - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - type: object - properties: - names: - items: - type: string - type: array - privileges: - items: - type: string - type: array - type: array - packagePolicyName: - type: string - title: Full agent policy output permissions - Fleet_get_agent_tags_response: - title: Get Agent Tags response - type: object - properties: - items: - items: - type: string - type: array - Fleet_get_agents_response: - title: Get Agent response - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - page: - type: number - perPage: - type: number - statusSummary: - type: object - properties: - degraded': + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - enrolling: + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer + type: string + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - error: + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - inactive: + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - offline: + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name + type: string + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - online: + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - unenrolled: + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - unenrolling: + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - updating: + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - total: - type: number - required: - - items - - total - - page - - perPage - Fleet_get_bulk_assets_response: - deprecated: true - properties: - items: - items: - type: object - properties: - appLink: - type: string - attributes: - type: object - properties: - description: - type: string - title: - type: string - id: - type: string - type: - $ref: '#/components/schemas/Fleet_saved_object_type' - updatedAt: - type: string - type: array - required: - - items - title: Bulk get assets response - type: object - Fleet_get_categories_response: - title: Get categories response - type: object - properties: - items: - items: - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - Fleet_get_packages_response: - title: Get Packages response - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_search_result' - type: array - response: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_search_result' - type: array - required: - - items - Fleet_installation_info: - title: Installation info object - type: object - properties: - created_at: - type: string - experimental_data_stream_features: - type: array - properties: - data_stream: - type: string - features: - type: object - properties: - doc_value_only_numeric: - nullable: true - type: boolean - doc_value_only_other: - nullable: true - type: boolean - synthetic_source: - nullable: true - type: boolean - tsdb: - nullable: true - type: boolean - install_format_schema_version: - type: string - install_kibana_space_id: - type: string - install_source: - enum: - - registry - - upload - - bundled - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' - installed_kibana: - type: object - properties: - id: + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number type: - $ref: '#/components/schemas/Fleet_kibana_saved_object_type' - latest_executed_state: - description: Latest successfully executed state in package install state machine - type: object - properties: - error: - type: string - name: - enum: - - create_restart_installation - - install_kibana_assets - - install_ilm_policies - - install_ml_model - - install_index_template_pipelines - - remove_legacy_templates - - update_current_write_indices - - install_transforms - - delete_previous_pipelines - - save_archive_entries_from_assets_map - - update_so - type: string - started_at: - type: string - latest_install_failed_attempts: - description: Latest failed install errors - items: - type: object - properties: - created_at: - type: string - error: - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - target_version: - type: string - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - verified - - unverified - - unknown - type: string - version: - type: string - required: - - installed_kibana - - installed_es - - name - - version - - install_status - - install_version - - install_started_at - - install_source - - verification_status - - latest_install_failed_attempts - Fleet_kibana_saved_object_type: - enum: - - dashboard - - visualization - - search - - index-pattern - - map - - lens - - ml-module - - security-rule - - csp_rule_template - title: Kibana saved object asset type - type: string - Fleet_new_package_policy: - description: '' - properties: - description: - type: string - enabled: - type: boolean - inputs: - items: - type: object - properties: - config: - type: object - enabled: - type: boolean - processors: - items: - type: string - type: array - streams: - items: {} - type: array - type: - type: string - vars: - type: object - required: - - type - - enabled - type: array - name: - type: string - namespace: - type: string - output_id: - type: string - overrides: - type: object - package: - type: object - properties: - name: - type: string - requires_root: - type: boolean - title: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - version: + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - name - - version - policy_id: - deprecated: true - nullable: true - type: string - policy_ids: - items: - type: string - type: array - required: - - inputs - - name - title: New package policy - type: object - Fleet_output_create_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_create_request_kafka' - logstash: '#/components/schemas/Fleet_output_create_request_logstash' - remote_elasticsearch: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - propertyName: type - oneOf: - - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_create_request_kafka' - - $ref: '#/components/schemas/Fleet_output_create_request_logstash' - - $ref: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - title: Output - Fleet_output_create_request_elasticsearch: - title: elasticsearch - type: object - properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - type: string - shipper: - type: object - properties: - compression_level: + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: + data_view: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: $0,0.[00] + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: boolean - disk_queue_max_size: + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - disk_queue_path: + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - certificate_authorities: - items: - type: string - type: array - key: + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - enum: - - elasticsearch - type: string - required: - - name - Fleet_output_create_request_kafka: - title: kafka - type: object - properties: - auth_type: - type: string - broker_timeout: - type: number - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - client_id: - type: string - compression: - type: string - compression_level: - type: number - config: - type: object - config_yaml: - type: string - connection_type: - enum: - - plaintext - - encryption - type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: - type: string - name: - type: string - partition: - type: string - password: - type: string - proxy_id: - type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - secrets: - type: object - properties: - password: + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - ssl: - type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - disk_queue_path: - type: string - loadbalance: + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: boolean - ssl: - type: object - properties: - certificate: + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightDelayType + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - certificate_authorities: - items: - type: string - type: array - key: + FlightNum: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightNum + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - verification_mode: - enum: - - none - - full - - certificate - - strict + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - timeout: - type: number - topic: - type: string - topics: - deprecated: true - description: Use topic instead. - items: - type: object - properties: - topic: - type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string - type: array - type: - enum: - - kafka - type: string - username: - type: string - version: - type: string - required: - - name - - type - - topics - - auth_type - - hosts - Fleet_output_create_request_logstash: - title: logstash - type: object - properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - type: string - secrets: - type: object - properties: - ssl: - type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: + FlightTimeMin: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false type: number - disk_queue_path: + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Origin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: + OriginAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - certificate_authorities: - items: - type: string - type: array - key: + OriginCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - enum: - - logstash - type: string - required: - - name - - hosts - - type - Fleet_output_create_request_remote_elasticsearch: - title: remote_elasticsearch - type: object - properties: - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - secrets: - type: object - properties: - service_token: + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - service_token: - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - Fleet_output_update_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_update_request_kafka' - logstash: '#/components/schemas/Fleet_output_update_request_logstash' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_update_request_kafka' - - $ref: '#/components/schemas/Fleet_output_update_request_logstash' - title: Output - Fleet_output_update_request_elasticsearch: - title: elasticsearch + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: emit(doc["bar"].value) + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Serverless_saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Serverless_saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Serverless_saved_objects_import_objects_request: + value: + file: file.ndjson + Serverless_saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + parameters: + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Serverless_saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + schemas: + Data_views_400_response: + title: Bad request type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: + error: + example: Bad Request type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - type: - enum: - - elasticsearch + message: type: string + statusCode: + example: 400 + type: number required: - - name - - hosts - - type - Fleet_output_update_request_kafka: - title: kafka + - statusCode + - error + - message + Data_views_404_response: type: object properties: - auth_type: - type: string - broker_timeout: - type: number - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - client_id: - type: string - compression: - type: string - compression_level: - type: number - config: - type: object - config_yaml: - type: string - connection_type: + error: enum: - - plaintext - - encryption - type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: - type: string - name: - type: string - partition: - type: string - password: - type: string - proxy_id: + - Not Found + example: Not Found type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - none - - full - - certificate - - strict - type: string - timeout: - type: number - topic: + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found type: string - topics: - deprecated: true - description: Use topic instead. - items: - type: object - properties: - topic: - type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string - type: array - type: + statusCode: enum: - - kafka - type: string - username: - type: string - version: - type: string - required: - - name - Fleet_output_update_request_logstash: - title: logstash + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - type: string - shipper: + data_view: + description: The data view object. type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: + name: + description: The data view name. type: string - certificate_authorities: - items: - type: string - type: array - key: + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: type: string - type: - enum: - - logstash - type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean required: - - name - Fleet_package_info: - title: Package information + - data_view + Data_views_data_view_response_object: + title: Data view response properties type: object properties: - agent: + data_view: type: object properties: - privileges: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' type: object - properties: - root: - type: boolean - asset_tags: - items: - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - items: - type: string - type: array - categories: - items: - type: string - type: array - conditions: - type: object - properties: - elasticsearch: + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: type: object - properties: - subscription: - enum: - - basic - - gold - - platinum - - enterprise - type: string - kibana: + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' type: object - properties: - versions: - type: string - data_streams: - items: - type: object - properties: - ingeset_pipeline: - type: string - name: - type: string - package: - type: string - release: - type: string - title: - type: string - type: - type: string - vars: - items: - type: object - properties: - default: - type: string - name: - type: string - required: - - name - - default - type: array - required: - - title - - name - - release - - ingeset_pipeline - - type - - package - type: array - description: + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. + type: object + properties: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 type: string - discovery: - type: object - properties: - fields: - items: - type: object - properties: - name: - type: string - required: - - name - type: array - download: + customLabel: + description: Custom label for the field. type: string - elasticsearch: + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: type: object properties: - privileges: - type: object - properties: - cluster: - items: - type: string - type: array - format_version: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. type: string - icons: - items: + required: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: type: string - type: array - internal: + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request + type: object + properties: + delete: + description: Deletes referenced saved object if all references are removed. type: boolean - name: + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. type: string - owner: - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - required: - - github - path: + fromId: + description: The saved object reference to change. type: string - readme: + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. type: string - release: - deprecated: true - description: >- - release label is deprecated, derive from the version instead - (packages follow semver) - enum: - - experimental - - beta - - ga + toId: + description: New saved object reference value to replace the old value. type: string - screenshots: - items: - type: object - properties: - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - - path - type: array - source: + required: + - fromId + - toId + Data_views_timefieldname: + description: The timestamp field name, which you use for time-based data views. + type: string + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: When set to `rollup`, identifies the rollup data views. + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. type: object - properties: - license: - enum: - - Apache-2.0 - - Elastic-2.0 - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - version: - type: string required: - - name - - title - - version - - description - - type - - categories - - conditions - - assets - - format_version - - download - - path - - owner - Fleet_package_policy: - allOf: - - type: object - properties: - id: - type: string - inputs: - oneOf: - - items: {} - type: array - - type: object - revision: - type: number - required: - - id - - revision - - $ref: '#/components/schemas/Fleet_new_package_policy' - title: Package policy - Fleet_package_policy_request: - title: Package Policy Request + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true type: object properties: - description: - description: Package policy description - example: my description - type: string - force: - description: >- - Force package policy creation even if package is not verified, or if - the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - additionalProperties: - type: object - properties: - enabled: - description: 'enable or disable that input, (default to true)' - type: boolean - streams: - additionalProperties: - type: object - properties: - enabled: - description: 'enable or disable that stream, (default to true)' - type: boolean - vars: - description: >- - Stream level variable (see integration documentation for - more information) - type: object - description: >- - Input streams (see integration documentation to know what - streams are available) - type: object - vars: - description: >- - Input level variable (see integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration documentation to know what - inputs are available) - example: - nginx-logfile: - enabled: true - streams: - nginx.access: - enabled: true - vars: - ignore_older: 72h - paths: - - /var/log/nginx/access.log* - preserve_original_event: false - tags: - - nginx-access + aggs: + description: A map of rollup restrictions by aggregation type and field name. type: object - name: - description: Package policy name (should be unique) - example: nginx-123 - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the agent - policy's namespace. - example: customnamespace - type: string - output_id: - description: Output ID to send package data to - example: output-id - nullable: true - type: string - overrides: - description: >- - Override settings that are defined in the package policy. The - override option should be used only in unusual circumstances and not - as a routine procedure. - nullable: true + params: + description: Properties for retrieving rollup fields. type: object - properties: - inputs: - type: object - package: + Data_views_update_data_view_request_object: + title: Update data view request + type: object + properties: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. type: object properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object name: - description: Package name - example: nginx - type: string - version: - description: Package version - example: 1.6.0 type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - example: agent-policy-id - nullable: true - type: string - policy_ids: - description: Agent policy IDs where that package policy will be added - example: - - agent-policy-id - items: - type: string - type: array - vars: - description: >- - Package root level variable (see integration documentation for more - information) - type: object - required: - - name - - package - Fleet_package_usage_stats: - title: Package usage stats - type: object - properties: - agent_policy_count: - type: integer + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean required: - - agent_policy_count - Fleet_proxies: - title: Fleet Proxy + - data_view + Kibana_HTTP_APIs_core_status_redactedResponse: + additionalProperties: false + description: A minimal representation of Kibana's operational status. type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: - type: string - name: - type: string - proxy_headers: + status: + additionalProperties: false type: object - url: - type: string + properties: + overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + required: + - overall required: - - name - - url - Fleet_saved_object_type: - oneOf: - - enum: - - dashboard - - visualization - - search - - index_pattern - - map - - lens - - security_rule - - csp_rule_template - - ml_module - - tag - - osquery_pack_asset - - osquery_saved_query - type: string - - enum: - - index - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - - ml_model - type: string - title: Saved Object type - Fleet_search_result: - title: Search result + - status + Kibana_HTTP_APIs_core_status_response: + additionalProperties: false + description: >- + Kibana's operational status as well as a detailed breakdown of plugin + statuses indication of various loads (like event loop utilization and + network traffic) at time of request. type: object properties: - description: - type: string - download: - type: string - icons: - type: string - installationInfo: - $ref: '#/components/schemas/Fleet_installation_info' + metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. + type: number + elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + last_updated: + description: The time metrics were collected. + type: string + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis name: + description: Kibana instance name. type: string - path: - type: string - savedObject: - deprecated: true - type: object status: - type: string - title: - type: string - type: + additionalProperties: false + type: object + properties: + core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + savedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + required: + - elasticsearch + - savedObjects + overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + plugins: + additionalProperties: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + description: A dynamic mapping of plugin ID to plugin status. + type: object + required: + - overall + - core + - plugins + uuid: + description: >- + Unique, generated Kibana instance UUID. This UUID should persist + even if the Kibana process restarts. type: string version: - type: string - required: - - description - - download - - icons - - name - - path - - title - - type - - version - - status - Fleet_settings: - title: Settings - type: object - properties: - delete_unenrolled_agents: + additionalProperties: false type: object properties: - enabled: - type: boolean - is_preconfigured: + build_date: + description: The date and time of this build. + type: string + build_flavor: + description: >- + The build flavour determines configuration and behavior of + Kibana. On premise users will almost always run the + "traditional" flavour, while other flavours are reserved for + Elastic-specific use cases. + enum: + - serverless + - traditional + type: string + build_hash: + description: >- + A unique hash value representing the git commit of this Kibana + build. + type: string + build_number: + description: >- + A monotonically increasing number, each subsequent build will + have a higher number. + type: number + build_snapshot: + description: Whether this build is a snapshot build. type: boolean - fleet_server_hosts: - deprecated: true - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - prerelease_integrations_enabled: - type: boolean - required: - - fleet_server_hosts - - id - Fleet_upgrade_agent: - title: Upgrade agent - type: object - properties: - force: - description: 'Force upgrade, skipping validation (should be used with caution)' - type: boolean - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: - type: string - version: - type: string + number: + description: A semantic version number. + type: string + required: + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date required: + - name + - uuid - version - Fleet_upgrade_agent_diff: - items: - items: - $ref: '#/components/schemas/Fleet_full_agent_policy_input' - type: array - title: Package policy Upgrade dryrun - type: array - Fleet_upgrade_diff: - items: - allOf: - - $ref: '#/components/schemas/Fleet_package_policy' - - allOf: - - $ref: '#/components/schemas/Fleet_new_package_policy' - - type: object - properties: - errors: - items: - type: object - properties: - key: - type: string - message: - type: string - type: array - missingVars: - items: - type: string - type: array - type: object - title: Package policy Upgrade dryrun - type: array + - status + - metrics Machine_learning_APIs_mlSync200Response: properties: datafeedsAdded: @@ -16777,7 +40649,7 @@ components: additionalProperties: $ref: >- #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: 'If saved objects are missing for trained models, they are created.' + description: If saved objects are missing for trained models, they are created. type: object title: Sync API response for created saved objects type: object @@ -17493,13 +41365,13 @@ components: type: object properties: traceId: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: string transactionId: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: string Security_AI_Assistant_API_User: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: object properties: id: @@ -17702,12 +41574,12 @@ components: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. example: 1h - pattern: '^[1-9]\d*[smh]$' + pattern: ^[1-9]\d*[smh]$ type: string lookback: description: Lookback time for the rule example: 1h - pattern: '^[1-9]\d*[smh]$' + pattern: ^[1-9]\d*[smh]$ type: string required: - interval @@ -21156,9 +45028,9 @@ components: - no_actions - rule type: string - - description: 'Time interval in seconds, minutes, hours, or days.' + - description: Time interval in seconds, minutes, hours, or days. example: 1h - pattern: '^[1-9]\d*[smhd]$' + pattern: ^[1-9]\d*[smhd]$ type: string Security_Detections_API_RuleAuthorArray: items: @@ -21419,7 +45291,7 @@ components: discriminator: propertyName: type Security_Detections_API_RuleSignatureId: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: string Security_Detections_API_RuleSource: description: >- @@ -23413,7 +47285,7 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' + description: Human readable string identifier, e.g. `trusted-linux-processes` Security_Endpoint_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItem: @@ -24473,8 +48345,6 @@ components: Security_Entity_Analytics_API_EngineDescriptor: type: object properties: - error: - type: object fieldHistoryLength: type: integer filter: @@ -24934,7 +48804,7 @@ components: type: string Security_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' + description: Human readable string identifier, e.g. `trusted-linux-processes` Security_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItem: @@ -26721,7 +50591,7 @@ components: example: Not Found type: string message: - example: 'SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found' + example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found type: string statusCode: example: 404 @@ -26738,7 +50608,7 @@ components: example: Conflict type: string message: - example: 'SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists' + example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists type: string statusCode: example: 409 @@ -26845,11 +50715,11 @@ components: type: object properties: consumed: - description: 'The error budget consummed, as a percentage of the initial value.' + description: The error budget consummed, as a percentage of the initial value. example: 0.8 type: number initial: - description: 'The initial error budget, as 1 - objective' + description: The initial error budget, as 1 - objective example: 0.02 type: number isEstimated: @@ -26859,7 +50729,7 @@ components: example: true type: boolean remaining: - description: 'The error budget remaining, as a percentage of the initial value.' + description: The error budget remaining, as a percentage of the initial value. example: 0.2 type: number required: @@ -26959,7 +50829,7 @@ components: type: string index: description: The index used by APM metrics - example: 'metrics-apm*,apm*' + example: metrics-apm*,apm* type: string service: description: The APM service name @@ -27006,7 +50876,7 @@ components: type: string index: description: The index used by APM metrics - example: 'metrics-apm*,apm*' + example: metrics-apm*,apm* type: string service: description: The APM service name @@ -27140,7 +51010,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -27194,7 +51064,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -27496,7 +51366,7 @@ components: properties: frequency: default: 1m - description: 'Configure how often the transform runs, default 1m' + description: Configure how often the transform runs, default 1m example: 5m type: string preventInitialBackfill: @@ -27637,7 +51507,7 @@ components: - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' instanceId: - description: 'the value derived from the groupBy field, if present, otherwise ''*''' + description: the value derived from the groupBy field, if present, otherwise '*' example: host-abcde type: string name: @@ -27762,7 +51632,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -27785,7 +51655,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -27813,7 +51683,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string percentile: description: The percentile value. @@ -27873,6 +51743,7 @@ components: security: - apiKeyAuth: [] tags: + - name: alerting - description: > Configure APM agent keys to authorize requests from APM agents to the APM Server. @@ -27882,6 +51753,7 @@ tags: Annotations enable you to easily see how events are impacting the performance of your applications. name: APM annotations + - name: connectors - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana @@ -27895,15 +51767,16 @@ tags: - name: Elastic Package Manager (EPM) - name: Fleet enrollment API keys - name: Fleet internals - - name: Fleet Kubernetes - name: Fleet outputs - name: Fleet package policies - name: Fleet proxies - name: Fleet Server hosts - name: Fleet service tokens - name: Fleet uninstall tokens + - name: Message Signing Service - description: Machine learning name: ml + - name: roles - description: > Export sets of saved objects that you want to import into {kib}, resolve import errors, and rotate an encryption key for encrypted saved objects @@ -27950,10 +51823,10 @@ tags: other criteria are met. name: Security Exceptions API x-displayName: Security exceptions - - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' + - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. name: Security Lists API x-displayName: Security lists - - description: 'Run live queries, manage packs and saved queries.' + - description: Run live queries, manage packs and saved queries. name: Security Osquery API x-displayName: Security Osquery - description: >- @@ -27961,5 +51834,7 @@ tags: import new Timelines from an ndjson file. name: Security Timeline API x-displayName: Security timeline - - description: 'SLO APIs enable you to define, manage and track service-level objectives' + - description: SLO APIs enable you to define, manage and track service-level objectives name: slo + - name: spaces + - name: system diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 1b38c3ecc8984..5a028c273c2db 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -60,411 +60,29 @@ info: It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/). + + + This documentation contains work-in-progress information for future Elastic + Stack releases. title: Kibana APIs version: 1.0.2 x-doc-license: name: Attribution-NonCommercial-NoDerivatives 4.0 International - url: 'https://creativecommons.org/licenses/by-nc-nd/4.0/' + url: https://creativecommons.org/licenses/by-nc-nd/4.0/ x-feedbackLink: label: Feedback url: >- https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ servers: - - url: 'https://{kibana_url}' + - url: https://{kibana_url} variables: kibana_url: - default: 'localhost:5601' + default: localhost:5601 paths: - /api/actions: - get: - deprecated: true - operationId: '%2Fapi%2Factions#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/action: - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - actionTypeId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - '/api/actions/action/{id}': - delete: - deprecated: true - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - put: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - '/api/actions/action/{id}/_execute': - post: - deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors /api/actions/connector_types: get: description: You do not need any Kibana feature privileges to run this API. - operationId: '%2Fapi%2Factions%2Fconnector_types#0' + operationId: get-actions-connector-types parameters: - description: The version of the API to use in: header @@ -486,10 +104,10 @@ paths: summary: Get connector types tags: - connectors - '/api/actions/connector/{id}': + /api/actions/connector/{id}: delete: description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' + operationId: delete-actions-connector-id parameters: - description: The version of the API to use in: header @@ -519,7 +137,7 @@ paths: tags: - connectors get: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' + operationId: get-actions-connector-id parameters: - description: The version of the API to use in: header @@ -584,7 +202,7 @@ paths: tags: - connectors post: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' + operationId: post-actions-connector-id parameters: - description: The version of the API to use in: header @@ -680,7 +298,7 @@ paths: tags: - connectors put: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' + operationId: put-actions-connector-id parameters: - description: The version of the API to use in: header @@ -771,12 +389,12 @@ paths: summary: Update a connector tags: - connectors - '/api/actions/connector/{id}/_execute': + /api/actions/connector/{id}/_execute: post: description: >- You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' + operationId: post-actions-connector-id-execute parameters: - description: The version of the API to use in: header @@ -861,7 +479,7 @@ paths: - connectors /api/actions/connectors: get: - operationId: '%2Fapi%2Factions%2Fconnectors#0' + operationId: get-actions-connectors parameters: - description: The version of the API to use in: header @@ -875,23 +493,6 @@ paths: summary: Get all connectors tags: - connectors - /api/actions/list_action_types: - get: - deprecated: true - operationId: '%2Fapi%2Factions%2Flist_action_types#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get connector types - tags: - - connectors /api/alerting/_health: get: description: > @@ -968,7 +569,7 @@ paths: example: true type: boolean is_sufficiently_secure: - description: 'If `false`, security is enabled but TLS is not.' + description: If `false`, security is enabled but TLS is not. example: true type: boolean description: Indicates a successful call. @@ -1280,9 +881,9 @@ paths: summary: Get the rule types tags: - alerting - '/api/alerting/rule/{id}': + /api/alerting/rule/{id}: delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' + operationId: delete-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -1318,7 +919,7 @@ paths: tags: - alerting get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' + operationId: get-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -1776,73 +1377,14 @@ paths: description: Duration of the rule run. type: number outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string success: description: >- Indicates whether the rule run was @@ -1990,11 +1532,13 @@ paths: items: description: Indicates hours of the day to recur. type: number + nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number + nullable: true type: array bymonth: items: @@ -2002,16 +1546,19 @@ paths: Indicates months of the year that this rule should recur. type: number + nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number + nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number + nullable: true type: array bysetpos: items: @@ -2022,6 +1569,7 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number + nullable: true type: array byweekday: items: @@ -2035,11 +1583,13 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number + nullable: true type: array byyearday: items: @@ -2047,6 +1597,7 @@ paths: Indicates the days of the year that this rule should recur. type: number + nullable: true type: array count: description: >- @@ -2084,7 +1635,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: 'Indicates the start of week, defaults to Monday.' + description: Indicates the start of week, defaults to Monday. enum: - MO - TU @@ -2166,7 +1717,7 @@ paths: tags: - alerting post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' + operationId: post-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -2949,73 +2500,14 @@ paths: description: Duration of the rule run. type: number outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string success: description: >- Indicates whether the rule run was @@ -3163,11 +2655,13 @@ paths: items: description: Indicates hours of the day to recur. type: number + nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number + nullable: true type: array bymonth: items: @@ -3175,16 +2669,19 @@ paths: Indicates months of the year that this rule should recur. type: number + nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number + nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number + nullable: true type: array bysetpos: items: @@ -3195,6 +2692,7 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number + nullable: true type: array byweekday: items: @@ -3208,11 +2706,13 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number + nullable: true type: array byyearday: items: @@ -3220,6 +2720,7 @@ paths: Indicates the days of the year that this rule should recur. type: number + nullable: true type: array count: description: >- @@ -3257,7 +2758,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: 'Indicates the start of week, defaults to Monday.' + description: Indicates the start of week, defaults to Monday. enum: - MO - TU @@ -3339,7 +2840,7 @@ paths: tags: - alerting put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' + operationId: put-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -4093,73 +3594,14 @@ paths: description: Duration of the rule run. type: number outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string success: description: >- Indicates whether the rule run was @@ -4307,11 +3749,13 @@ paths: items: description: Indicates hours of the day to recur. type: number + nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number + nullable: true type: array bymonth: items: @@ -4319,16 +3763,19 @@ paths: Indicates months of the year that this rule should recur. type: number + nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number + nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number + nullable: true type: array bysetpos: items: @@ -4339,6 +3786,7 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number + nullable: true type: array byweekday: items: @@ -4352,11 +3800,13 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number + nullable: true type: array byyearday: items: @@ -4364,6 +3814,7 @@ paths: Indicates the days of the year that this rule should recur. type: number + nullable: true type: array count: description: >- @@ -4401,7 +3852,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: 'Indicates the start of week, defaults to Monday.' + description: Indicates the start of week, defaults to Monday. enum: - MO - TU @@ -4484,9 +3935,9 @@ paths: summary: Update a rule tags: - alerting - '/api/alerting/rule/{id}/_disable': + /api/alerting/rule/{id}/_disable: post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' + operationId: post-alerting-rule-id-disable parameters: - description: The version of the API to use in: header @@ -4533,9 +3984,9 @@ paths: summary: Disable a rule tags: - alerting - '/api/alerting/rule/{id}/_enable': + /api/alerting/rule/{id}/_enable: post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' + operationId: post-alerting-rule-id-enable parameters: - description: The version of the API to use in: header @@ -4570,9 +4021,9 @@ paths: summary: Enable a rule tags: - alerting - '/api/alerting/rule/{id}/_mute_all': + /api/alerting/rule/{id}/_mute_all: post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' + operationId: post-alerting-rule-id-mute-all parameters: - description: The version of the API to use in: header @@ -4607,9 +4058,9 @@ paths: summary: Mute all alerts tags: - alerting - '/api/alerting/rule/{id}/_unmute_all': + /api/alerting/rule/{id}/_unmute_all: post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' + operationId: post-alerting-rule-id-unmute-all parameters: - description: The version of the API to use in: header @@ -4644,9 +4095,9 @@ paths: summary: Unmute all alerts tags: - alerting - '/api/alerting/rule/{id}/_update_api_key': + /api/alerting/rule/{id}/_update_api_key: post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' + operationId: post-alerting-rule-id-update-api-key parameters: - description: The version of the API to use in: header @@ -4683,10 +4134,9 @@ paths: summary: Update the API key for a rule tags: - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': + /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 + operationId: post-alerting-rule-rule-id-alert-alert-id-mute parameters: - description: The version of the API to use in: header @@ -4727,10 +4177,9 @@ paths: summary: Mute an alert tags: - alerting - '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': + /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 + operationId: post-alerting-rule-rule-id-alert-alert-id-unmute parameters: - description: The version of the API to use in: header @@ -4773,7 +4222,7 @@ paths: - alerting /api/alerting/rules/_find: get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' + operationId: get-alerting-rules-find parameters: - description: The version of the API to use in: header @@ -5331,73 +4780,14 @@ paths: description: Duration of the rule run. type: number outcome: - additionalProperties: false - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: >- - Number of ignored alerts during last - run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: >- - Number of recovered alerts during last - run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value - could be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: >- - Outcome message generated during last - rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count + description: >- + Outcome of last run of the rule. Value could + be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string success: description: >- Indicates whether the rule run was @@ -5545,11 +4935,13 @@ paths: items: description: Indicates hours of the day to recur. type: number + nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number + nullable: true type: array bymonth: items: @@ -5557,16 +4949,19 @@ paths: Indicates months of the year that this rule should recur. type: number + nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number + nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number + nullable: true type: array bysetpos: items: @@ -5577,6 +4972,7 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number + nullable: true type: array byweekday: items: @@ -5590,11 +4986,13 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. + nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number + nullable: true type: array byyearday: items: @@ -5602,6 +5000,7 @@ paths: Indicates the days of the year that this rule should recur. type: number + nullable: true type: array count: description: >- @@ -5639,7 +5038,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: 'Indicates the start of week, defaults to Monday.' + description: Indicates the start of week, defaults to Monday. enum: - MO - TU @@ -5718,7 +5117,7 @@ paths: summary: Get information about rules tags: - alerting - '/api/alerts/alert/{alertId}': + /api/alerts/alert/{alertId}: delete: deprecated: true description: > @@ -6020,7 +5419,7 @@ paths: summary: Update an alert tags: - alerting - '/api/alerts/alert/{alertId}/_disable': + /api/alerts/alert/{alertId}/_disable: post: deprecated: true description: Deprecated in 7.13.0. Use the disable rule API instead. @@ -6046,7 +5445,7 @@ paths: summary: Disable an alert tags: - alerting - '/api/alerts/alert/{alertId}/_enable': + /api/alerts/alert/{alertId}/_enable: post: deprecated: true description: Deprecated in 7.13.0. Use the enable rule API instead. @@ -6072,7 +5471,7 @@ paths: summary: Enable an alert tags: - alerting - '/api/alerts/alert/{alertId}/_mute_all': + /api/alerts/alert/{alertId}/_mute_all: post: deprecated: true description: Deprecated in 7.13.0. Use the mute all alerts API instead. @@ -6098,7 +5497,7 @@ paths: summary: Mute all alert instances tags: - alerting - '/api/alerts/alert/{alertId}/_unmute_all': + /api/alerts/alert/{alertId}/_unmute_all: post: deprecated: true description: Deprecated in 7.13.0. Use the unmute all alerts API instead. @@ -6124,7 +5523,7 @@ paths: summary: Unmute all alert instances tags: - alerting - '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute': + /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute: post: deprecated: true description: Deprecated in 7.13.0. Use the mute alert API instead. @@ -6157,7 +5556,7 @@ paths: summary: Mute an alert instance tags: - alerting - '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute': + /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute: post: deprecated: true description: Deprecated in 7.13.0. Use the unmute alert API instead. @@ -6384,7 +5783,7 @@ paths: example: true type: boolean isSufficientlySecure: - description: 'If `false`, security is enabled but TLS is not.' + description: If `false`, security is enabled but TLS is not. example: true type: boolean description: Indicates a successful call. @@ -6529,8 +5928,8 @@ paths: privileges: items: enum: - - 'event:write' - - 'config_agent:read' + - event:write + - config_agent:read type: string type: array required: true @@ -6556,7 +5955,7 @@ paths: summary: Create an APM agent key tags: - APM agent keys - '/api/apm/services/{serviceName}/annotation': + /api/apm/services/{serviceName}/annotation: post: description: Create a new annotation for a specific service. operationId: createAnnotation @@ -6631,7 +6030,7 @@ paths: summary: Create a service annotation tags: - APM annotations - '/api/apm/services/{serviceName}/annotation/search': + /api/apm/services/{serviceName}/annotation/search: get: description: Search for annotations related to a specific service. operationId: getAnnotation @@ -6688,7 +6087,7 @@ paths: - APM annotations /api/asset_criticality: delete: - description: Delete the asset criticality record for a specific asset if it exists. + description: Delete the asset criticality record for a specific entity. operationId: DeleteAssetCriticalityRecord parameters: - description: The ID value of the asset. @@ -6733,11 +6132,11 @@ paths: description: Successful response '400': description: Invalid request - summary: Delete Criticality Record + summary: Delete an asset criticality record tags: - Security Entity Analytics API get: - description: Get the criticality record for a specific asset. + description: Get the asset criticality record for a specific entity. operationId: GetAssetCriticalityRecord parameters: - description: The ID value of the asset. @@ -6765,11 +6164,17 @@ paths: description: Invalid request '404': description: Criticality record not found - summary: Get Criticality Record + summary: Get an asset criticality record tags: - Security Entity Analytics API post: - description: Create or update a criticality record for a specific asset. + description: > + Create or update an asset criticality record for a specific entity. + + + If a record already exists for the specified entity, that record is + overwritten with the specified value. If a record doesn't exist for the + specified entity, a new record is created. operationId: CreateAssetCriticalityRecord requestBody: content: @@ -6798,14 +6203,19 @@ paths: description: Successful response '400': description: Invalid request - summary: Upsert Criticality Record + summary: Upsert an asset criticality record tags: - Security Entity Analytics API /api/asset_criticality/bulk: post: - description: >- - Bulk upsert up to 1000 asset criticality records, creating or updating - them as needed. + description: > + Bulk upsert up to 1000 asset criticality records. + + + If asset criticality records already exist for the specified entities, + those records are overwritten with the specified values. If asset + criticality records don't exist for the specified entities, new records + are created. operationId: BulkUpsertAssetCriticalityRecords requestBody: content: @@ -6859,12 +6269,12 @@ paths: description: Bulk upload successful '413': description: File too large - summary: Bulk Upsert Asset Criticality Records + summary: Bulk upsert asset criticality records tags: - Security Entity Analytics API /api/asset_criticality/list: get: - description: 'List asset criticality records, paging, sorting and filtering as needed.' + description: List asset criticality records, paging, sorting and filtering as needed. operationId: FindAssetCriticalityRecords parameters: - description: The field to sort by. @@ -6936,7 +6346,7 @@ paths: - per_page - total description: Bulk upload successful - summary: List Asset Criticality Records + summary: List asset criticality records tags: - Security Entity Analytics API /api/cases: @@ -7098,7 +6508,7 @@ paths: summary: Search cases tags: - cases - '/api/cases/{caseId}': + /api/cases/{caseId}: get: description: > You must have `read` privileges for the **Cases** feature in the @@ -7129,7 +6539,7 @@ paths: summary: Get case information tags: - cases - '/api/cases/{caseId}/alerts': + /api/cases/{caseId}/alerts: get: description: > You must have `read` privileges for the **Cases** feature in the @@ -7159,8 +6569,8 @@ paths: summary: Get all alerts for a case tags: - cases - x-technical-preview: true - '/api/cases/{caseId}/comments': + x-state: Technical preview + /api/cases/{caseId}/comments: delete: description: > Deletes all comments and alerts from a case. You must have `all` @@ -7287,7 +6697,7 @@ paths: summary: Add a case comment or alert tags: - cases - '/api/cases/{caseId}/comments/_find': + /api/cases/{caseId}/comments/_find: get: description: > Retrieves a paginated list of comments for a case. You must have `read` @@ -7317,7 +6727,7 @@ paths: summary: Find case comments and alerts tags: - cases - '/api/cases/{caseId}/comments/{commentId}': + /api/cases/{caseId}/comments/{commentId}: delete: description: > You must have `all` privileges for the **Cases** feature in the @@ -7373,7 +6783,7 @@ paths: summary: Get a case comment or alert tags: - cases - '/api/cases/{caseId}/connector/{connectorId}/_push': + /api/cases/{caseId}/connector/{connectorId}/_push: post: description: > You must have `all` privileges for the **Actions and Connectors** @@ -7411,7 +6821,7 @@ paths: summary: Push a case to an external service tags: - cases - '/api/cases/{caseId}/user_actions': + /api/cases/{caseId}/user_actions: get: deprecated: true description: > @@ -7442,7 +6852,7 @@ paths: summary: Get case activity tags: - cases - '/api/cases/{caseId}/user_actions/_find': + /api/cases/{caseId}/user_actions/_find: get: description: > Retrives a paginated list of user activity for a case. You must have @@ -7488,7 +6898,7 @@ paths: summary: Find case activity tags: - cases - '/api/cases/alerts/{alertId}': + /api/cases/alerts/{alertId}: get: description: > You must have `read` privileges for the **Cases** feature in the @@ -7527,7 +6937,7 @@ paths: summary: Get cases for an alert tags: - cases - x-technical-preview: true + x-state: Technical preview /api/cases/configure: get: description: > @@ -7909,7 +7319,7 @@ paths: summary: Add case settings tags: - cases - '/api/cases/configure/{configurationId}': + /api/cases/configure/{configurationId}: patch: description: > Updates setting details such as the closure type, custom fields, @@ -8351,7 +7761,7 @@ paths: summary: Create a data view tags: - data views - '/api/data_views/data_view/{viewId}': + /api/data_views/data_view/{viewId}: delete: description: | WARNING: When you delete a data view, it cannot be recovered. @@ -8424,7 +7834,7 @@ paths: summary: Update a data view tags: - data views - '/api/data_views/data_view/{viewId}/fields': + /api/data_views/data_view/{viewId}/fields: post: description: > Update fields presentation metadata such as count, customLabel, @@ -8467,7 +7877,7 @@ paths: summary: Update data view fields metadata tags: - data views - '/api/data_views/data_view/{viewId}/runtime_field': + /api/data_views/data_view/{viewId}/runtime_field: post: operationId: createRuntimeFieldDefault parameters: @@ -8559,7 +7969,7 @@ paths: summary: Create or update a runtime field tags: - data views - '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': + /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: delete: operationId: deleteRuntimeFieldDefault parameters: @@ -9162,7 +8572,7 @@ paths: items: $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' type: array - description: 'A JSON array of rules, where each rule contains the required fields.' + description: A JSON array of rules, where each rule contains the required fields. required: true responses: '200': @@ -9303,7 +8713,7 @@ paths: items: $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' type: array - description: 'A JSON array of rules, where each rule contains the required fields.' + description: A JSON array of rules, where each rule contains the required fields. required: true responses: '200': @@ -9607,8 +9017,9 @@ paths: tags: - Security Detections API - Import/Export API - '/api/detection_engine/rules/{id}/exceptions': + /api/detection_engine/rules/{id}/exceptions: post: + description: Create exception items that apply to a single detection rule. operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier @@ -9672,7 +9083,7 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Creates rule exception list items + summary: Create rule exception list items tags: - Security Exceptions API /api/detection_engine/rules/prepackaged: @@ -10484,7 +9895,10 @@ paths: - saved objects /api/endpoint_list: post: - description: Creates an endpoint list or does nothing if the list already exists + description: >- + Create an endpoint exception list, which groups endpoint exception list + items. If an endpoint exception list already exists, an empty response + is returned. operationId: CreateEndpointList responses: '200': @@ -10525,11 +9939,14 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Creates an endpoint list + summary: Create an endpoint exception list tags: - Security Endpoint Exceptions API /api/endpoint_list/items: delete: + description: >- + Delete an endpoint exception list item using the `id` or `item_id` + field. operationId: DeleteEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -10592,10 +10009,13 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Deletes an endpoint list item + summary: Delete an endpoint exception list item tags: - Security Endpoint Exceptions API get: + description: >- + Get the details of an endpoint exception list item using the `id` or + `item_id` field. operationId: ReadEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -10660,10 +10080,13 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Reads an endpoint list item + summary: Get an endpoint exception list item tags: - Security Endpoint Exceptions API post: + description: >- + Create an endpoint exception list item, and associate it with the + endpoint exception list. operationId: CreateEndpointListItem requestBody: content: @@ -10754,10 +10177,13 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Creates an endpoint list item + summary: Create an endpoint exception list item tags: - Security Endpoint Exceptions API put: + description: >- + Update an endpoint exception list item using the `id` or `item_id` + field. operationId: UpdateEndpointListItem requestBody: content: @@ -10854,11 +10280,12 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Updates an endpoint list item + summary: Update an endpoint exception list item tags: - Security Endpoint Exceptions API /api/endpoint_list/items/_find: get: + description: Get a list of all endpoint exception list items. operationId: FindEndpointListItems parameters: - description: > @@ -10893,7 +10320,7 @@ paths: schema: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - - description: 'Determines the sort order, which can be `desc` or `asc`' + - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order required: false @@ -10969,7 +10396,7 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Finds endpoint list items + summary: Get endpoint exception list items tags: - Security Endpoint Exceptions API /api/endpoint/action: @@ -10994,7 +10421,7 @@ paths: summary: Get response actions tags: - Security Endpoint Management API - '/api/endpoint/action_log/{agent_id}': + /api/endpoint/action_log/{agent_id}: get: deprecated: true description: Get an action request log for the specified agent ID. @@ -11046,7 +10473,7 @@ paths: summary: Get response actions status tags: - Security Endpoint Management API - '/api/endpoint/action/{action_id}': + /api/endpoint/action/{action_id}: get: description: Get the details of a response action using the action ID. operationId: EndpointGetActionsDetails @@ -11067,7 +10494,7 @@ paths: summary: Get action details tags: - Security Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}': + /api/endpoint/action/{action_id}/file/{file_id}: get: description: Get information for the specified file using the file ID. operationId: EndpointFileInfo @@ -11093,7 +10520,7 @@ paths: summary: Get file information tags: - Security Endpoint Management API - '/api/endpoint/action/{action_id}/file/{file_id}/download': + /api/endpoint/action/{action_id}/file/{file_id}/download: get: description: Download a file from an endpoint. operationId: EndpointFileDownload @@ -11294,7 +10721,7 @@ paths: - Security Endpoint Management API /api/endpoint/action/unisolate: post: - description: 'Release an isolated endpoint, allowing it to rejoin a network.' + description: Release an isolated endpoint, allowing it to rejoin a network. operationId: EndpointUnisolateAction requestBody: content: @@ -11414,7 +10841,7 @@ paths: summary: Get a metadata list tags: - Security Endpoint Management API - '/api/endpoint/metadata/{id}': + /api/endpoint/metadata/{id}: get: operationId: GetEndpointMetadata parameters: @@ -11499,7 +10926,7 @@ paths: summary: Get an agent policy summary tags: - Security Endpoint Management API - '/api/endpoint/protection_updates_note/{package_policy_id}': + /api/endpoint/protection_updates_note/{package_policy_id}: get: operationId: GetProtectionUpdatesNote parameters: @@ -11547,7 +10974,7 @@ paths: summary: Create or update a protection updates note tags: - Security Endpoint Management API - '/api/endpoint/suggestions/{suggestion_type}': + /api/endpoint/suggestions/{suggestion_type}: post: deprecated: true operationId: GetEndpointSuggestions @@ -11663,7 +11090,7 @@ paths: summary: List the Entity Engines tags: - Security Entity Analytics API - '/api/entity_store/engines/{entityType}': + /api/entity_store/engines/{entityType}: delete: operationId: DeleteEntityEngine parameters: @@ -11712,7 +11139,7 @@ paths: summary: Get an Entity Engine tags: - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/init': + /api/entity_store/engines/{entityType}/init: post: operationId: InitEntityEngine parameters: @@ -11750,7 +11177,7 @@ paths: summary: Initialize an Entity Engine tags: - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/start': + /api/entity_store/engines/{entityType}/start: post: operationId: StartEntityEngine parameters: @@ -11773,7 +11200,7 @@ paths: summary: Start an Entity Engine tags: - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/stats': + /api/entity_store/engines/{entityType}/stats: post: operationId: GetEntityEngineStats parameters: @@ -11811,7 +11238,7 @@ paths: summary: Get Entity Engine stats tags: - Security Entity Analytics API - '/api/entity_store/engines/{entityType}/stop': + /api/entity_store/engines/{entityType}/stop: post: operationId: StopEntityEngine parameters: @@ -11886,7 +11313,7 @@ paths: - Security Entity Analytics API /api/entity_store/entities/list: get: - description: 'List entities records, paging, sorting and filtering as needed.' + description: List entities records, paging, sorting and filtering as needed. operationId: ListEntities parameters: - in: query @@ -11964,6 +11391,7 @@ paths: - Security Entity Analytics API /api/exception_lists: delete: + description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - description: Either `id` or `list_id` must be specified @@ -12028,10 +11456,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Deletes an exception list + summary: Delete an exception list tags: - Security Exceptions API get: + description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - description: Either `id` or `list_id` must be specified @@ -12096,10 +11525,23 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Retrieves an exception list using its `id` or `list_id` field + summary: Get exception list details tags: - Security Exceptions API post: + description: > + An exception list groups exception items and can be associated with + detection rules. You can assign detection rules with multiple exception + lists. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList requestBody: content: @@ -12186,10 +11628,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Creates an exception list + summary: Create an exception list tags: - Security Exceptions API put: + description: Update an exception list using the `id` or `list_id` field. operationId: UpdateExceptionList requestBody: content: @@ -12279,11 +11722,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Updates an exception list + summary: Update an exception list tags: - Security Exceptions API /api/exception_lists/_duplicate: post: + description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - description: Exception list's human identifier @@ -12353,12 +11797,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Duplicates an exception list + summary: Duplicate an exception list tags: - Security Exceptions API /api/exception_lists/_export: post: - description: Exports an exception list and its associated items to an .ndjson file + description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - description: Exception list's identifier @@ -12438,11 +11882,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Exports an exception list + summary: Export an exception list tags: - Security Exceptions API /api/exception_lists/_find: get: + description: Get a list of all exception lists. operationId: FindExceptionLists parameters: - description: > @@ -12499,7 +11944,7 @@ paths: required: false schema: type: string - - description: 'Determines the sort order, which can be `desc` or `asc`' + - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order required: false @@ -12565,12 +12010,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Finds exception lists + summary: Get exception lists tags: - Security Exceptions API /api/exception_lists/_import: post: - description: Imports an exception list and associated items + description: Import an exception list and its associated items from an NDJSON file. operationId: ImportExceptionList parameters: - description: > @@ -12686,11 +12131,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Imports an exception list + summary: Import an exception list tags: - Security Exceptions API /api/exception_lists/items: delete: + description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - description: Either `id` or `item_id` must be specified @@ -12756,10 +12202,13 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Deletes an exception list item + summary: Delete an exception list item tags: - Security Exceptions API get: + description: >- + Get the details of an exception list item using the `id` or `item_id` + field. operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified @@ -12825,10 +12274,17 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Gets an exception list item + summary: Get an exception list item tags: - Security Exceptions API post: + description: > + Create an exception item and associate it with the specified exception + list. + + > info + + > Before creating exception items, you must create an exception list. operationId: CreateExceptionListItem requestBody: content: @@ -12927,10 +12383,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Creates an exception list item + summary: Create an exception list item tags: - Security Exceptions API put: + description: Update an exception list item using the `id` or `item_id` field. operationId: UpdateExceptionListItem requestBody: content: @@ -13034,11 +12491,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Updates an exception list item + summary: Update an exception list item tags: - Security Exceptions API /api/exception_lists/items/_find: get: + description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - description: List's id @@ -13104,7 +12562,7 @@ paths: required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' + - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order required: false @@ -13178,11 +12636,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Finds exception list items + summary: Get exception list items tags: - Security Exceptions API /api/exception_lists/summary: get: + description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - description: Exception list's identifier generated upon creation @@ -13266,11 +12725,24 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Retrieves an exception list summary + summary: Get an exception list summary tags: - Security Exceptions API /api/exceptions/shared: post: + description: > + An exception list groups exception items and can be associated with + detection rules. A shared exception list can apply to multiple detection + rules. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. operationId: CreateSharedExceptionList requestBody: content: @@ -13331,3629 +12803,7031 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Creates a shared exception list + summary: Create a shared exception list tags: - Security Exceptions API /api/fleet/agent_download_sources: get: - operationId: get-download-sources + description: List agent binary download sources + operationId: get-fleet-agent-download-sources + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: - $ref: '#/components/schemas/Fleet_download_sources' + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host type: array page: - type: integer + type: number perPage: - type: integer + type: number total: - type: integer - description: OK + type: number + required: + - items + - total + - page + - perPage '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent binary download sources + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - Elastic Agent binary download sources post: - operationId: post-download-sources + description: Create agent binary download source + operationId: post-fleet-agent-download-sources + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: host: + format: uri type: string id: type: string is_default: + default: false type: boolean name: type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the + proxies API for more information. + nullable: true + type: string required: - name - host - - is_default responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: - $ref: '#/components/schemas/Fleet_download_sources' - description: OK + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent binary download source + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - Elastic Agent binary download sources - '/api/fleet/agent_download_sources/{sourceId}': + /api/fleet/agent_download_sources/{sourceId}: delete: - operationId: delete-download-source + description: Delete agent binary download source by ID + operationId: delete-fleet-agent-download-sources-sourceid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: sourceId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: id: type: string required: - id - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent binary download source by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - Elastic Agent binary download sources get: - operationId: get-one-download-source + description: Get agent binary download source by ID + operationId: get-fleet-agent-download-sources-sourceid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: sourceId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: - $ref: '#/components/schemas/Fleet_download_sources' + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host required: - item - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent binary download source by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - Elastic Agent binary download sources - parameters: - - in: path - name: sourceId - required: true - schema: - type: string put: - operationId: update-download-source + description: Update agent binary download source by ID + operationId: put-fleet-agent-download-sources-sourceid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: sourceId + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: host: + format: uri + type: string + id: type: string is_default: + default: false type: boolean name: type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the + proxies API for more information. + nullable: true + type: string required: - name - - is_default - host responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: - $ref: '#/components/schemas/Fleet_download_sources' + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. + See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host required: - item - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent binary download source by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - Elastic Agent binary download sources /api/fleet/agent_policies: get: - description: '' - operationId: agent-policy-list + description: List agent policies + operationId: get-fleet-agent-policies parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' - - description: >- - When set to true, retrieve the related package policies for each - agent policy. - in: query - name: full + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page + required: false + schema: + type: number + - in: query + name: perPage + required: false + schema: + type: number + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - desc + - asc + type: string + - in: query + name: showUpgradeable + required: false schema: type: boolean - - description: >- - When set to true, do not count how many agents are in the agent - policy, this can improve performance if you are searching over a - large number of agent policies. The "agents" property will always be - 0 if set to true. + - in: query + name: kuery + required: false + schema: + type: string + - description: use withAgentCount instead in: query name: noAgentCount + required: false + schema: + deprecated: true + type: boolean + - description: get policies with agent count + in: query + name: withAgentCount + required: false + schema: + type: boolean + - description: get full policies with package policies populated + in: query + name: full + required: false schema: type: boolean + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent policies - tags: - - Elastic Agent policies - post: - operationId: create-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_policy_create_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - operationId: bulk-get-agent-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of agent policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list + of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank + to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package + policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports + agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get agent policies - tags: - - Elastic Agent policies - '/api/fleet/agent_policies/{agentPolicyId}': - get: - description: Get one agent policy - operationId: agent-policy-info - parameters: [] - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK + - total + - page + - perPage '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' - put: - operationId: update-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_policy_update_request' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' + error: + type: string + message: + type: string + statusCode: + type: number required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent policy by ID + - message + summary: '' tags: - Elastic Agent policies - '/api/fleet/agent_policies/{agentPolicyId}/copy': - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' post: - operationId: agent-policy-copy + description: Create an agent policy + operationId: post-fleet-agent-policies parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: sys_monitoring + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string description: type: string - name: + download_source_id: + nullable: true type: string - required: - - name - description: '' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Copy agent policy by ID - tags: - - Elastic Agent policies - '/api/fleet/agent_policies/{agentPolicyId}/download': - get: - operationId: agent-policy-download - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Download agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - '/api/fleet/agent_policies/{agentPolicyId}/full': - get: - operationId: agent-policy-full - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - oneOf: - - type: string - - $ref: '#/components/schemas/Fleet_agent_policy_full' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /api/fleet/agent_policies/delete: - parameters: [] - post: - operationId: delete-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agentPolicyId: + fleet_server_host_id: + nullable: true type: string force: + type: boolean + global_data_tags: description: >- - bypass validation checks that can prevent agent policy - deletion + User defined data tags that are added to all of the inputs. + The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: type: boolean - required: - - agentPolicyId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces type: string - success: - type: boolean - required: - - id - - success - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent policy by ID - tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - operationId: get-agent-status - parameters: - - in: query - name: policyId - required: false - schema: - type: string - - deprecated: true - in: query - name: kuery - required: false - schema: - type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent policy. + Input settings cannot be overridden. The override option + should be used only in unusual circumstances and not as a + routine procedure. + nullable: true + type: object + space_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - active: - type: integer - all: - type: integer - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - deprecated: true - type: integer - unenrolled: - type: integer - updating: - type: integer - required: - - active - - all - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - operationId: get-agent-data - parameters: - - in: query - name: agentsIds - required: true - schema: - items: - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - additionalProperties: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false type: object properties: - data: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: type: boolean - type: object - type: array - description: OK + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Get incoming agent data - tags: - - Elastic Agent status - /api/fleet/agent-status: - get: - deprecated: true - operationId: get-agent-status-deprecated - parameters: - - in: query - name: policyId - required: false - schema: - type: string - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - type: integer - updating: - type: integer + type: string + message: + type: string + statusCode: + type: number required: - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary + - message + summary: '' tags: - - Elastic Agent status - /api/fleet/agents: - get: - operationId: get-agents - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_show_inactive' - - $ref: '#/components/parameters/Fleet_show_upgradeable' - - $ref: '#/components/parameters/Fleet_sort_field' - - $ref: '#/components/parameters/Fleet_sort_order' - - $ref: '#/components/parameters/Fleet_with_metrics' + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: + post: + description: Bulk get agent policies + operationId: post-fleet-agent-policies-bulk-get + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: query - name: getStatusSummary + name: format required: false schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_agents_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents - tags: - - Elastic Agents - post: - operationId: get-agents-by-actions - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - actionIds: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of package policy ids items: type: string type: array + ignoreMissing: + type: boolean required: - - policy_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_get_by_actions' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents by action ids - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}': - delete: - operationId: delete-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent by ID - tags: - - Elastic Agents - get: - operationId: get-agent - parameters: - - $ref: '#/components/parameters/Fleet_with_metrics' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent by ID - tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - put: - operationId: update-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - tags: - items: - type: string - type: array - user_provided_metadata: - type: object - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent by ID - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/actions': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: new-agent-action - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - $ref: '#/components/schemas/Fleet_agent_action' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - items: - type: number - type: array - headers: - type: string - statusCode: - type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent action - tags: - - Elastic Agent actions - '/api/fleet/agents/{agentId}/reassign': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: reassign-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent - tags: - - Elastic Agents - put: - deprecated: true - operationId: reassign-agent-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/request_diagnostics': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: request-diagnostics-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Request agent diagnostics - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/unenroll': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: unenroll-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: number - description: BAD REQUEST - summary: Unenroll agent - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/upgrade': - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: upgrade-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade agent - tags: - - Elastic Agents - '/api/fleet/agents/{agentId}/uploads': - get: - operationId: list-agent-uploads - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: object - properties: - item: - items: - $ref: '#/components/schemas/Fleet_agent_diagnostics' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent uploads - tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - /api/fleet/agents/action_status: - get: - operationId: agents-action-status - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - in: query - name: errorSize - schema: - default: 5 - type: integer + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: + additionalProperties: false type: object properties: - actionId: - type: string - cancellationTime: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true type: string - completionTime: + description: type: string - creationTime: - description: creation time of action + download_source_id: + nullable: true type: string - expiration: + fleet_server_host_id: + nullable: true type: string - latestErrors: + global_data_tags: description: >- - latest errors that happened when the agents executed - the action + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. items: + additionalProperties: false type: object properties: - agentId: - type: string - error: - type: string - timestamp: + name: type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true type: string - policyId: - description: policy id (POLICY_CHANGE action) + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 type: string - revision: - description: new policy revision (POLICY_CHANGE action) + namespace: + minLength: 1 type: string - startTime: - description: start time of action (scheduled actions) + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list + of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank + to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package + policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: type: string + space_ids: + items: + type: string + type: array status: enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED + - active + - inactive type: string - type: - enum: - - POLICY_REASSIGN - - UPGRADE - - UNENROLL - - FORCE_UNENROLL - - UPDATE_TAGS - - CANCEL - - REQUEST_DIAGNOSTICS - - SETTINGS - - POLICY_CHANGE - - INPUT_ACTION + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports + agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: type: string version: - description: agent version number (UPGRADE action) type: string required: - - actionId - - complete - - nbAgentsActioned - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed + - id + - name + - namespace + - is_managed + - is_protected - status - - creationTime - - type + - updated_at + - updated_by + - revision type: array required: - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent action status - tags: - - Elastic Agent actions - '/api/fleet/agents/actions/{actionId}/cancel': - parameters: - - in: path - name: actionId - required: true - schema: - type: string - post: - operationId: agent-action-cancel - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_action' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Cancel agent action - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_reassign: - post: - operationId: bulk-reassign-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - policy_id: policy_id - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - policy_id: - description: new agent policy id - type: string - required: - - policy_id - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk reassign agents - tags: - - Elastic Agents - /api/fleet/agents/bulk_request_diagnostics: - post: - operationId: bulk-request-diagnostics - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk request diagnostics from agents - tags: - - Elastic Agents - /api/fleet/agents/bulk_unenroll: - post: - operationId: bulk-unenroll-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - force: false - revoke: true - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk unenroll agents - tags: - - Elastic Agents - /api/fleet/agents/bulk_update_agent_tags: - post: - operationId: bulk-update-agent-tags - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - tagsToAdd: - - newTag - tagsToRemove: - - existingTag - schema: - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: + error: type: string - type: array - required: - - agents - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk update agent tags + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Agents - /api/fleet/agents/bulk_upgrade: - post: - operationId: bulk-upgrade-agents + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}: + get: + description: Get an agent policy by ID + operationId: get-fleet-agent-policies-agentpolicyid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - rollout_duration_seconds: 3600 - source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' - start_time: '2022-08-03T14:00:00.000Z' - version: 8.4.0 - schema: - $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk upgrade agents - tags: - - Elastic Agents - '/api/fleet/agents/files/{fileId}': - delete: - operationId: delete-agent-upload-file + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - body: + item: + additionalProperties: false type: object properties: - deleted: - type: boolean - id: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete file uploaded by agent - tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - '/api/fleet/agents/files/{fileId}/{fileName}': - get: - operationId: get-agent-upload-file - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: object - properties: - items: + advanced_settings: + additionalProperties: false type: object properties: - body: {} - headers: {} - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get file uploaded by agent - tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - /api/fleet/agents/setup: - get: - operationId: get-agents-setup-status - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_status_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent setup info - tags: - - Elastic Agents - post: - operationId: setup-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - admin_password: - type: string - admin_username: - type: string - required: - - admin_username - - admin_password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Initiate agent setup - tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - operationId: get-agent-tags - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_agent_tags_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent tags - tags: - - Elastic Agents - /api/fleet/data_streams: - get: - operationId: data-streams-list - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data_streams: - items: - $ref: '#/components/schemas/Fleet_data_stream' - type: array - description: OK + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: List data streams - tags: - - Data streams - parameters: [] - /api/fleet/enrollment_api_keys: - get: - operationId: get-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: + error: + type: string + message: + type: string + statusCode: type: number required: - - items - - page - - perPage - - total - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + - message + summary: '' tags: - - Fleet enrollment API keys - post: - operationId: create-enrollment-api-keys + - Elastic Agent policies + put: + description: Update an agent policy by ID + operationId: put-fleet-agent-policies-agentpolicyid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - name: - description: The name of the enrollment API key. Must be unique. + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true type: string - policy_id: + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + User defined data tags that are added to all of the inputs. + The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: type: string - required: - - policy_id - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: enum: - - created + - logs + - metrics + - traces type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - '/api/fleet/enrollment_api_keys/{keyId}': - delete: - operationId: delete-enrollment-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - deleted + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent policy. + Input settings cannot be overridden. The override option + should be used only in unusual circumstances and not as a + routine procedure. + nullable: true + type: object + space_ids: + items: type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Revoke enrollment API key by ID by marking it as inactive - tags: - - Fleet enrollment API keys - get: - operationId: get-enrollment-api-key + type: array + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID - tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/enrollment-api-keys: - get: - deprecated: true - operationId: get-enrollment-api-keys-deprecated - parameters: [] - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys - tags: - - Fleet enrollment API keys - post: - deprecated: true - operationId: create-enrollment-api-keys-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - '/api/fleet/enrollment-api-keys/{keyId}': - delete: - deprecated: true - operationId: delete-enrollment-api-key-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID - tags: - - Fleet enrollment API keys - get: - deprecated: true - operationId: get-enrollment-api-key-deprecated - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID - tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/epm/bulk_assets: - post: - operationId: bulk-get-assets - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assetIds: - description: list of items necessary to fetch assets - items: + additionalProperties: false type: object properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean id: type: string - type: + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true type: string - type: array - required: - - assetIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_bulk_assets_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get assets - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - operationId: get-package-categories - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_categories_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package categories - tags: - - Elastic Package Manager (EPM) - parameters: - - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: include_policy_templates - schema: - default: false - type: boolean - /api/fleet/epm/packages: - get: - operationId: list-all-packages - parameters: - - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. - in: query - name: excludeInstallStatus - schema: - default: false - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: category - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_get_packages_response' - description: OK + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: List packages - tags: - - Elastic Package Manager (EPM) - post: - description: '' - operationId: install-package-by-upload - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - _meta: - type: object - properties: - install_source: - enum: - - upload - - registry - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + error: + type: string + message: + type: string + statusCode: + type: number required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '429': - $ref: '#/components/responses/Fleet_error' - summary: Install by package by direct upload + - message + summary: '' tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/copy: post: - operationId: bulk-install-packages + description: Copy an agent policy by ID + operationId: post-fleet-agent-policies-agentpolicyid-copy parameters: - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease + - description: The version of the API to use + in: header + name: elastic-api-version schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - description: force install to ignore package verification errors - type: boolean - packages: - description: list of packages to install - items: - oneOf: - - description: package name - type: string - - type: object - properties: - name: - description: package name - type: string - version: - description: package version - type: string - type: array - required: - - packages - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_bulk_install_packages_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk install packages - tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgkey}': - delete: - deprecated: true - operationId: delete-package-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: pkgkey + name: agentPolicyId required: true schema: type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - force: - type: boolean + description: + type: string + name: + minLength: 1 + type: string + required: + - name responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete ackage - tags: - - Elastic Package Manager (EPM) - get: - deprecated: true - operationId: get-package-deprecated - parameters: - - in: path - name: pkgkey - required: true - schema: - type: string - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - properties: - response: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - savedObject: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + default: 2h + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_level: + default: info + nullable: true + agent_logging_metrics_period: + default: 30s + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true type: string - status: - enum: - - installed - - installing - - install_failed - - not_installed + description: type: string - required: - - status - - savedObject - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package - tags: - - Elastic Package Manager (EPM) - post: - deprecated: true - description: '' - operationId: install-package-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package - tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgName}/{pkgVersion}': - delete: - operationId: delete-package - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: delete package even if policies used by agents - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - deprecated: true - type: object - properties: - force: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package - tags: - - Elastic Package Manager (EPM) - get: - operationId: get-package - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - allOf: - - properties: - item: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - keepPoliciesUpToDate: + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: >- + User defined data tags that are added to all of the + inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: type: boolean - latestVersion: + id: type: string - licensePath: + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: >- + Indicates whether the agent policy has tamper + protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: >- + When set to true, monitoring will be enabled but + logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + required: + - enabled + monitoring_output_id: + nullable: true type: string - notice: + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 type: string - savedObject: - deprecated: true + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: >- + Override settings that are defined in the agent + policy. Input settings cannot be overridden. The + override option should be used only in unusual + circumstances and not as a routine procedure. + nullable: true type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: >- + This field is present only when retrieving a + single agent policy, or when retrieving a list of + agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should + be used only in unusual circumstances and + not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy + will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + updated_at: + type: string + updated_by: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array status: enum: - - installed - - installing - - install_failed - - not_installed + - active + - inactive + type: string + supports_agentless: + default: false + description: >- + Indicates whether the agent policy supports agentless + integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: type: string required: + - id + - name + - namespace + - is_managed + - is_protected - status - - savedObject - type: object - description: OK + - updated_at + - updated_by + - revision + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry - in: query - name: full - schema: - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - post: - description: '' - operationId: install-package + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/download: + get: + description: Download an agent policy by ID + operationId: get-fleet-agent-policies-agentpolicyid-download parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false schema: - default: false type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover + - in: query + name: standalone + required: false + schema: + type: boolean + - in: query + name: kubernetes + required: false schema: - default: false type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - ignore_constraints: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - _meta: - type: object - properties: - install_source: - enum: - - registry - - upload - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK + type: string '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package - tags: - - Elastic Package Manager (EPM) - put: - description: '' - operationId: update-package - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - keepPoliciesUpToDate: - type: boolean - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array + error: + type: string + message: + type: string + statusCode: + type: number required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package settings - tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}': - get: - operationId: packages-get-file - responses: - '200': + - message + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: - type: object - headers: - type: object + error: + type: string + message: + type: string statusCode: type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package file + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': - post: - description: '' - operationId: reauthorize-transforms + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/full: + get: + description: Get a full agent policy by ID + operationId: get-fleet-agent-policies-agentpolicyid-full parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgName - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - in: path - name: pkgVersion + name: agentPolicyId required: true schema: type: string - - description: >- - Whether to include prerelease packages in categories count (e.g. - beta, rc, preview) - in: query - name: prerelease + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: standalone + required: false + schema: + type: boolean + - in: query + name: kubernetes + required: false schema: - default: false type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - transforms: - items: - type: object - properties: - transformId: - type: string - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - error: - type: string - success: - type: boolean - transformId: - type: string - required: - - transformId - - error - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Authorize transforms - tags: - - Elastic Package Manager (EPM) - '/api/fleet/epm/packages/{pkgName}/stats': - get: - operationId: get-package-stats - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - response: - $ref: '#/components/schemas/Fleet_package_usage_stats' - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package stats - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - /api/fleet/epm/packages/limited: - get: - operationId: list-limited-packages responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - items: - items: - type: string - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get limited package list - tags: - - Elastic Package Manager (EPM) - parameters: [] - '/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs': - get: - operationId: get-inputs-template - responses: - '200': - description: OK + item: + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + download: + additionalProperties: false + type: object + properties: + sourceURI: + type: string + required: + - sourceURI + features: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + type: object + monitoring: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + protection: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + signing_key: + type: string + uninstall_token_hash: + type: string + required: + - enabled + - uninstall_token_hash + - signing_key + required: + - monitoring + - download + - features + fleet: + anyOf: + - additionalProperties: false + type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + required: + - hosts + - proxy_headers + - additionalProperties: false + type: object + properties: + kibana: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + required: + - hosts + - protocol + required: + - kibana + id: + type: string + inputs: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + package_policy_id: + type: string + processors: + items: + additionalProperties: true + type: object + properties: + add_fields: + additionalProperties: true + type: object + properties: + fields: + additionalProperties: + anyOf: + - type: string + - type: number + type: object + target: + type: string + required: + - target + - fields + required: + - add_fields + type: array + revision: + type: number + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + type: array + namespaces: + items: + type: string + type: array + output_permissions: + additionalProperties: + additionalProperties: {} + type: object + type: object + outputs: + additionalProperties: + additionalProperties: true + type: object + properties: + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + type: + type: string + required: + - type + - proxy_headers + type: object + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + signed: + additionalProperties: false + type: object + properties: + data: + type: string + signature: + type: string + required: + - data + - signature + required: + - id + - outputs + - inputs + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Get inputs template + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Format of response - json or yaml - in: query - name: format - schema: - enum: - - json - - yaml - - yml - type: string - - description: Specify if version is prerelease - in: query - name: prerelease - schema: - type: boolean - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - /api/fleet/epm/verification_key_id: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/outputs: get: - operationId: packages-get-verification-key-id + description: Get list of outputs associated with agent policy by policy id + operationId: get-fleet-agent-policies-agentpolicyid-outputs + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - body: + item: + additionalProperties: false type: object properties: - id: - description: >- - the key ID of the GPG key used to verify package - signatures - nullable: true + agentPolicyId: type: string - headers: - type: object - statusCode: - type: number - description: OK + data: + additionalProperties: false + type: object + properties: + integrations: + items: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + type: array + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + monitoring: + additionalProperties: false + type: object + properties: + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + required: + - monitoring + - data + required: + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package signature verification key ID - tags: - - Elastic Package Manager (EPM) - parameters: [] - /api/fleet/fleet_server_hosts: - get: - operationId: get-fleet-server-hosts - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_fleet_server_host' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List Fleet Server hosts + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet Server hosts + - Elastic Agent policies + /api/fleet/agent_policies/delete: post: - operationId: post-fleet-server-hosts + description: Delete agent policy by ID + operationId: post-fleet-agent-policies-delete + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - host_urls: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_internal: - type: boolean - name: + agentPolicyId: type: string - proxy_id: + force: description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - type: string + bypass validation checks that can prevent agent policy + deletion + type: boolean required: - - name - - host_urls - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create Fleet Server host - tags: - - Fleet Server hosts - '/api/fleet/fleet_server_hosts/{itemId}': - delete: - operationId: delete-fleet-server-hosts - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - agentPolicyId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: id: type: string + name: + type: string required: - id - description: OK + - name '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete Fleet Server host by ID - tags: - - Fleet Server hosts - get: - operationId: get-one-fleet-server-hosts - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + error: + type: string + message: + type: string + statusCode: + type: number required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get Fleet Server host by ID + - message + summary: '' tags: - - Fleet Server hosts - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-server-hosts + - Elastic Agent policies + /api/fleet/agent_policies/outputs: + post: + description: Get list of outputs associated with agent policies + operationId: post-fleet-agent-policies-outputs parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - host_urls: + ids: + description: list of package policy ids items: type: string type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - nullable: true - type: string + required: + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + items: + items: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + additionalProperties: false + type: object + properties: + integrations: + items: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + type: array + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + monitoring: + additionalProperties: false + type: object + properties: + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + required: + - monitoring + - data + type: array required: - - item - description: OK + - items '400': - $ref: '#/components/responses/Fleet_error' - summary: Update Fleet Server host by ID - tags: - - Fleet Server hosts - /api/fleet/health_check: - post: - operationId: fleet-server-health-check - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - deprecated: true - type: string - id: - type: string - required: - - id - required: true - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - host: - deprecated: true - type: string - id: - description: Fleet Server host id + error: type: string - status: + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Fleet Server health check + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet internals - /api/fleet/kubernetes: + - Elastic Agent policies + /api/fleet/agent_status: get: - operationId: get-full-k8s-manifest + description: Get agent status summary + operationId: get-fleet-agent-status parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - in: query - name: download + name: policyId required: false schema: - type: boolean + type: string - in: query - name: fleetServer + name: policyIds required: false schema: - type: string + anyOf: + - items: + type: string + type: array + - type: string - in: query - name: enrolToken + name: kuery required: false schema: + deprecated: true type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - type: string - description: OK + results: + additionalProperties: false + type: object + properties: + active: + type: number + all: + type: number + error: + type: number + events: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + other: + type: number + total: + deprecated: true + type: number + unenrolled: + type: number + updating: + type: number + required: + - events + - total + - online + - error + - offline + - other + - updating + - inactive + - unenrolled + - all + - active + required: + - results '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full K8s agent manifest - tags: - - Fleet Kubernetes - /api/fleet/logstash_api_keys: - post: - operationId: generate-logstash-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - api_key: + error: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Generate Logstash API key + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet outputs - /api/fleet/outputs: + - Elastic Agent status + /api/fleet/agent_status/data: get: - operationId: get-outputs - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_output_create_request' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List outputs - tags: - - Fleet outputs - post: - operationId: post-outputs - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_create_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create output - tags: - - Fleet outputs - '/api/fleet/outputs/{outputId}': - delete: - operationId: delete-output + description: Get incoming agent data + operationId: get-fleet-agent-status-data parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: agentsIds + required: true + schema: + anyOf: + - items: + type: string + type: array + - type: string + - in: query + name: previewData + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - id: - type: string + dataPreview: + items: {} + type: array + items: + items: + additionalProperties: + additionalProperties: false + type: object + properties: + data: + type: boolean + required: + - data + type: object + type: array required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete output by ID - tags: - - Fleet outputs - get: - operationId: get-output - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get output by ID - tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - put: - operationId: update-output - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_update_request' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_update_request' - description: OK + - items + - dataPreview '400': - $ref: '#/components/responses/Fleet_error' - summary: Update output by ID - tags: - - Fleet outputs - '/api/fleet/outputs/{outputId}/health': - get: - operationId: get-output-health - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - message: - description: long message if unhealthy - type: string - state: - description: 'state of output, HEALTHY or DEGRADED' + error: type: string - timestamp: - description: timestamp of reported state + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get latest output health + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - /api/fleet/package_policies: + - Elastic Agents + /api/fleet/agent-status: + get: + operationId: get-fleet-agent-status-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: policyId + required: false + schema: + type: string + - in: query + name: policyIds + required: false + schema: + anyOf: + - items: + type: string + type: array + - type: string + - in: query + name: kuery + required: false + schema: + deprecated: true + type: string + responses: {} + summary: '' + tags: [] + /api/fleet/agents: get: - operationId: get-package-policies + description: List agents + operationId: get-fleet-agents parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page + required: false + schema: + default: 1 + type: number + - in: query + name: perPage + required: false + schema: + default: 20 + type: number + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: showInactive + required: false + schema: + default: false + type: boolean + - in: query + name: withMetrics + required: false + schema: + default: false + type: boolean + - in: query + name: showUpgradeable + required: false + schema: + default: false + type: boolean + - in: query + name: getStatusSummary + required: false + schema: + default: false + type: boolean + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: - $ref: '#/components/schemas/Fleet_package_policy' + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + type: array + list: + deprecated: true + items: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata type: array page: type: number perPage: type: number + statusSummary: + additionalProperties: + type: number + type: object total: type: number required: - items - description: OK + - total + - page + - perPage '400': - $ref: '#/components/responses/Fleet_error' - summary: List package policies - tags: - - Fleet package policies - parameters: [] - post: - operationId: create-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - description: >- - You should use inputs as an object and not use the deprecated inputs - array. - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Create package policy + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: + - Elastic Agents post: - operationId: bulk-get-package-policies + description: List agents by action ids + operationId: post-fleet-agents parameters: - - $ref: '#/components/parameters/Fleet_format' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - ids: - description: list of package policy ids + actionIds: items: type: string type: array - ignoreMissing: - type: boolean required: - - ids + - actionIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: - $ref: '#/components/schemas/Fleet_package_policy' + type: string type: array required: - items - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get package policies - tags: - - Fleet package policies - '/api/fleet/package_policies/{packagePolicyId}': - delete: - operationId: delete-package-policy - parameters: - - in: query - name: force - schema: - type: boolean - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - id: + error: + type: string + message: type: string + statusCode: + type: number required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy by ID + - message + summary: '' tags: - - Fleet package policies - get: - operationId: get-package-policy + - Elastic Agents + /api/fleet/agents/{agentId}: + delete: + description: Delete agent by ID + operationId: delete-fleet-agents-agentid parameters: - - $ref: '#/components/parameters/Fleet_format' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' + action: + enum: + - deleted + type: string required: - - item - description: OK + - action '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package policy by ID - tags: - - Fleet package policies - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - put: - operationId: update-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package policy by ID - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - operationId: post-delete-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - operationId: upgrade-package-policy - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: + error: type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade package policy to a newer package version - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - operationId: upgrade-package-policy-dry-run - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: + message: type: string - type: array - packageVersion: - type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - agent_diff: - $ref: '#/components/schemas/Fleet_upgrade_agent_diff' - diff: - $ref: '#/components/schemas/Fleet_upgrade_diff' - hasErrors: - type: boolean - required: - - hasErrors - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Dry run package policy upgrade + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet package policies - /api/fleet/proxies: + - Elastic Agents get: - operationId: get-fleet-proxies - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_proxies' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List proxies - tags: - - Fleet proxies - post: - operationId: post-fleet-proxies - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - required: - - name - - url - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create proxy - tags: - - Fleet proxies - '/api/fleet/proxies/{itemId}': - delete: - operationId: delete-fleet-proxies + description: Get agent by ID + operationId: get-fleet-agents-agentid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentId + required: true + schema: + type: string + - in: query + name: withMetrics + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - id: - type: string + item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata required: - - id - description: OK + - item '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete proxy by ID - tags: - - Fleet proxies - get: - operationId: get-one-fleet-proxies - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - item: - $ref: '#/components/schemas/Fleet_proxies' + error: + type: string + message: + type: string + statusCode: + type: number required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get proxy by ID + - message + summary: '' tags: - - Fleet proxies - parameters: - - in: path - name: itemId - required: true - schema: - type: string + - Elastic Agents put: - operationId: update-fleet-proxies + description: Update agent by ID + operationId: put-fleet-agents-agentid parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - name: - type: string - proxy_headers: + tags: + items: + type: string + type: array + user_provided_metadata: + additionalProperties: {} type: object - url: - type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update proxy by ID - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - operationId: generate-service-token - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + required: + - item + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - name: + error: type: string - value: + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet service tokens - /api/fleet/service-tokens: + - Elastic Agents + /api/fleet/agents/{agentId}/actions: post: - deprecated: true - operationId: generate-service-token-deprecated + description: Create agent action + operationId: post-fleet-agents-agentid-actions parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + action: + anyOf: + - additionalProperties: false + type: object + properties: + ack_data: {} + data: {} + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + required: + - type + - data + - ack_data + - additionalProperties: false + type: object + properties: + data: + additionalProperties: false + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + required: + - log_level + type: + enum: + - SETTINGS + type: string + required: + - type + - data + required: + - action responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - name: + item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + - agents + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: type: string - value: + message: type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet service tokens - /api/fleet/settings: - get: - operationId: get-settings + - Elastic Agent actions + /api/fleet/agents/{agentId}/reassign: + post: + description: Reassign agent + operationId: post-fleet-agents-agentid-reassign + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + policy_id: + type: string + required: + - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK + additionalProperties: false + type: object + properties: {} '400': - $ref: '#/components/responses/Fleet_error' - summary: Get settings + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet internals + - Elastic Agent actions put: - operationId: update-settings + operationId: put-fleet-agents-agentid-reassign + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - additional_yaml_config: + policy_id: type: string - delete_unenrolled_agents: - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - fleet_server_hosts: - description: Protocol and path must be the same for each URL + required: + - policy_id + responses: {} + summary: '' + tags: [] + /api/fleet/agents/{agentId}/request_diagnostics: + post: + description: Request agent diagnostics + operationId: post-fleet-agents-agentid-request-diagnostics + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + additional_metrics: items: + enum: + - CPU type: string type: array - has_seen_add_data_notice: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': - $ref: '#/components/responses/Fleet_error' - summary: Update settings + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet internals - /api/fleet/setup: + - Elastic Agent actions + /api/fleet/agents/{agentId}/unenroll: + post: + description: Unenroll agent + operationId: post-fleet-agents-agentid-unenroll + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + revoke: + type: boolean + responses: {} + summary: '' + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/upgrade: post: - operationId: setup + description: Upgrade agent + operationId: post-fleet-agents-agentid-upgrade parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + force: + type: boolean + skipRateLimitCheck: + type: boolean + source_uri: + type: string + version: + type: string + required: + - version responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK + additionalProperties: false + type: object + properties: {} '400': - $ref: '#/components/responses/Fleet_error' - '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: + error: + type: string message: type: string - description: Internal Server Error - summary: Initiate Fleet setup + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet internals - /api/fleet/uninstall_tokens: + - Elastic Agent actions + /api/fleet/agents/{agentId}/uploads: get: - operationId: get-uninstall-tokens + description: List agent uploads + operationId: get-fleet-agents-agentid-uploads parameters: - - description: The number of items to return - in: query - name: perPage - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - default: 20 - minimum: 5 - type: integer - - $ref: '#/components/parameters/Fleet_page_index' - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: agentId + required: true schema: type: string responses: @@ -16961,46 +19835,254 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: items: items: + additionalProperties: false type: object properties: - created_at: + actionId: + type: string + createTime: + type: string + error: + type: string + filePath: type: string id: type: string - policy_id: + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - EXPIRED + - IN_PROGRESS + - FAILED type: string required: - id - - policy_id - - created_at + - name + - filePath + - createTime + - status + - actionId type: array - page: - type: number - perPage: - type: number - total: - type: number required: - items - - total - - page - - perPage - description: OK '400': - $ref: '#/components/responses/Fleet_error' - summary: List metadata for latest uninstall tokens per agent policy + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Fleet uninstall tokens - '/api/fleet/uninstall_tokens/{uninstallTokenId}': + - Elastic Agents + /api/fleet/agents/action_status: get: - operationId: get-uninstall-token + description: Get agent action status + operationId: get-fleet-agents-action-status + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page + required: false + schema: + default: 0 + type: number + - in: query + name: perPage + required: false + schema: + default: 20 + type: number + - in: query + name: date + required: false + schema: + type: string + - in: query + name: latest + required: false + schema: + type: number + - in: query + name: errorSize + required: false + schema: + default: 5 + type: number + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + hasRolloutPeriod: + type: boolean + latestErrors: + items: + additionalProperties: false + description: >- + latest errors that happened when the agents + executed the action + type: object + properties: + agentId: + type: string + error: + type: string + hostname: + type: string + timestamp: + type: string + required: + - agentId + - error + - timestamp + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: number + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - UPGRADE + - UNENROLL + - SETTINGS + - POLICY_REASSIGN + - CANCEL + - FORCE_UNENROLL + - REQUEST_DIAGNOSTICS + - UPDATE_TAGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - type + - nbAgentsActioned + - status + - creationTime + type: array + required: + - items + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agent actions + /api/fleet/agents/actions/{actionId}/cancel: + post: + description: Cancel agent action + operationId: post-fleet-agents-actions-actionid-cancel parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: uninstallTokenId + name: actionId required: true schema: type: string @@ -17009,730 +20091,1002 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: item: + additionalProperties: false type: object properties: + ack_data: {} + agents: + items: + type: string + type: array created_at: type: string + data: {} + expiration: + type: string id: type: string - policy_id: + minimum_execution_duration: + type: number + namespaces: + items: + type: string + type: array + rollout_duration_seconds: + type: number + sent_at: type: string - token: + source_uri: + type: string + start_time: + type: string + total: + type: number + type: type: string required: - id - - token - - policy_id + - type + - data - created_at + - ack_data + - agents required: - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get one decrypted uninstall token by its ID - tags: - - Fleet uninstall tokens - /api/lists: - delete: - operationId: DeleteList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agent actions + /api/fleet/agents/available_versions: get: - operationId: ReadList + description: Get available agent versions + operationId: get-fleet-agents-available-versions parameters: - - description: List's `id` value - in: query - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Retrieves a list using its id field + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - patch: - operationId: PatchList + - Elastic Agents + /api/fleet/agents/bulk_reassign: + post: + description: Bulk reassign agents + operationId: post-fleet-agents-bulk-reassign + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _version: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + includeInactive: + default: false + type: boolean + policy_id: type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer required: - - id - description: List's properties - required: true + - policy_id + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patches a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agent actions + /api/fleet/agents/bulk_request_diagnostics: post: - operationId: CreateList + description: Bulk request diagnostics from agents + operationId: post-fleet-agents-bulk-request-diagnostics + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true + additional_metrics: + items: + enum: + - CPU + type: string + type: array + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Creates a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - put: - operationId: UpdateList + - Elastic Agent actions + /api/fleet/agents/bulk_unenroll: + post: + description: Bulk unenroll agents + operationId: post-fleet-agents-bulk-unenroll + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer + agents: + anyOf: + - items: + description: KQL query string, leave empty to action all agents + type: string + type: array + - description: list of agent IDs + type: string + batchSize: + type: number + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean required: - - id - - name - - description - description: List's properties - required: true + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Updates a list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/_find: - get: - operationId: FindLists + - Elastic Agent actions + /api/fleet/agents/bulk_update_agent_tags: + post: + description: Bulk update agent tags + operationId: post-fleet-agents-bulk-update-agent-tags parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - desc - - asc + - '2023-10-31' type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + includeInactive: + default: false + type: boolean + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer + actionId: + type: string required: - - data - - page - - per_page - - total - - cursor - description: Successful response + - actionId '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agent actions + /api/fleet/agents/bulk_upgrade: + post: + description: Bulk upgrade agents + operationId: post-fleet-agents-bulk-upgrade + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + force: + type: boolean + includeInactive: + default: false + type: boolean + rollout_duration_seconds: + minimum: 600 + type: number + skipRateLimitCheck: + type: boolean + source_uri: + type: string + start_time: + type: string + version: + type: string + required: + - agents + - version + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Finds lists + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/index: + - Elastic Agent actions + /api/fleet/agents/files/{fileId}: delete: - operationId: DeleteListIndex + description: Delete file uploaded by agent + operationId: delete-fleet-agents-files-fileid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: fileId + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - acknowledged: + deleted: type: boolean + id: + type: string required: - - acknowledged - description: Successful response + - id + - deleted '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + /api/fleet/agents/files/{fileId}/{fileName}: + get: + description: Get file uploaded by agent + operationId: get-fleet-agents-files-fileid-filename + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream not found response - '500': + type: object + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes list data streams + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agents + /api/fleet/agents/setup: get: - operationId: ReadListIndex + description: Get agent setup info + operationId: get-fleet-agents-setup + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: >- + A summary of the agent setup status. `isReady` indicates + whether the setup is ready. If the setup is not ready, + `missing_requirements` lists which requirements are missing. type: object properties: - list_index: + is_secrets_storage_enabled: type: boolean - list_item_index: + is_space_awareness_enabled: + type: boolean + isReady: type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - security_required + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: + type: string required: - - list_index - - list_item_index - description: Successful response + - isReady + - missing_requirements + - missing_optional_features '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list data stream existence status + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Elastic Agents post: - operationId: CreateListIndex + description: Initiate agent setup + operationId: post-fleet-agents-setup + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: >- + A summary of the result of Fleet's `setup` lifecycle. If + `isInitialized` is true, Fleet is ready to accept agent + enrollment. `nonFatalErrors` may include useful insight into + non-blocking issues with Fleet setup. type: object properties: - acknowledged: + isInitialized: type: boolean + nonFatalErrors: + items: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array required: - - acknowledged - description: Successful response + - isInitialized + - nonFatalErrors '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Creates necessary list data streams + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items: - delete: - operationId: DeleteListItem + - Elastic Agents + /api/fleet/agents/tags: + get: + description: List agent tags + operationId: get-fleet-agents-tags parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: kuery required: false schema: type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh + - in: query + name: showInactive required: false schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' + additionalProperties: false + type: object + properties: + items: + items: + type: string type: array - description: Successful response + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Elastic Agents + /api/fleet/check-permissions: + get: + description: Check permissions + operationId: get-fleet-check-permissions + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: fleetServerSetup + required: false + schema: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': + additionalProperties: false + type: object + properties: + error: + enum: + - MISSING_SECURITY + - MISSING_PRIVILEGES + - MISSING_FLEET_SERVER_SETUP_PRIVILEGES + type: string + success: + type: boolean + required: + - success + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/data_streams: + get: + description: List data streams + operationId: get-fleet-data-streams + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': + additionalProperties: false + type: object + properties: + data_streams: + items: + additionalProperties: false + type: object + properties: + dashboards: + items: + additionalProperties: false + type: object + properties: + id: + type: string + title: + type: string + required: + - id + - title + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + serviceDetails: + additionalProperties: false + nullable: true + type: object + properties: + environment: + type: string + serviceName: + type: string + required: + - environment + - serviceName + size_in_bytes: + type: number + size_in_bytes_formatted: + anyOf: + - type: number + - type: string + type: + type: string + required: + - index + - dataset + - namespace + - type + - package + - package_version + - last_activity_ms + - size_in_bytes + - size_in_bytes_formatted + - dashboards + - serviceDetails + type: array + required: + - data_streams + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Deletes a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API + - Data streams + /api/fleet/enrollment_api_keys: get: - operationId: ReadListItem + description: List enrollment API keys + operationId: get-fleet-enrollment-api-keys parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page required: false schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id + default: 1 + type: number + - in: query + name: perPage required: false schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value + default: 20 + type: number + - in: query + name: kuery required: false schema: type: string @@ -17741,2133 +21095,4466 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at type: array - description: Successful response + list: + deprecated: true + items: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + - list '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Gets a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - patch: - operationId: PatchListItem + - Fleet enrollment API keys + post: + description: Create enrollment API key + operationId: post-fleet-enrollment-api-keys + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - _version: + expiration: type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for + name: + type: string + policy_id: type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - - id - description: List item's properties - required: true + - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patches a list item - tags: - - Security Lists API - post: - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Creates a list item - tags: - - Security Lists API - put: - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response + additionalProperties: false + type: object + properties: + action: + enum: + - created + type: string + item: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + required: + - item + - action '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Updates a list item + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items/_export: - post: - description: Exports list item values from the specified list - operationId: ExportListItems + - Fleet enrollment API keys + /api/fleet/enrollment_api_keys/{keyId}: + delete: + description: Revoke enrollment API key by ID by marking it as inactive + operationId: delete-fleet-enrollment-api-keys-keyid parameters: - - description: List's id to export - in: query - name: list_id + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' + example: 'true' + type: string + - in: path + name: keyId + required: true + schema: + type: string responses: '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Exports list items + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items/_find: + - Fleet enrollment API keys get: - operationId: FindListItems + description: Get enrollment API key by ID + operationId: get-fleet-enrollment-api-keys-keyid parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: 'Determines the sort order, which can be `desc` or `asc`' - in: query - name: sort_order - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - desc - - asc + - '2023-10-31' type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false + - in: path + name: keyId + required: true schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer + item: + additionalProperties: false + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and + cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: >- + The enrollment API key (token) used for enrolling + Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at required: - - data - - page - - per_page - - total - - cursor - description: Successful response + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Finds list items + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/lists/items/_import: - post: - description: > - Imports a list of items from a `.txt` or `.csv` file. The maximum file - size is 9 million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems + - Fleet enrollment API keys + /api/fleet/enrollment-api-keys: + get: + operationId: get-fleet-enrollment-api-keys-2 parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: page required: false schema: - $ref: '#/components/schemas/Security_Lists_API_ListType' + default: 1 + type: number - in: query - name: serializer + name: perPage required: false schema: - type: string + default: 20 + type: number - in: query - name: deserializer + name: kuery required: false schema: type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false + responses: {} + summary: '' + tags: [] + post: + operationId: post-fleet-enrollment-api-keys-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - 'true' - - 'false' - - wait_for + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' type: string requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary + expiration: type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Imports list items - tags: - - Security Lists API - /api/lists/privileges: + name: + type: string + policy_id: + type: string + required: + - policy_id + responses: {} + summary: '' + tags: [] + /api/fleet/enrollment-api-keys/{keyId}: + delete: + operationId: delete-fleet-enrollment-api-keys-keyid-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: keyId + required: true + schema: + type: string + responses: {} + summary: '' + tags: [] get: - operationId: ReadListPrivileges + operationId: get-fleet-enrollment-api-keys-keyid-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: keyId + required: true + schema: + type: string + responses: {} + summary: '' + tags: [] + /api/fleet/epm/bulk_assets: + post: + description: Bulk get assets + operationId: post-fleet-epm-bulk-assets + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + assetIds: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - id + - type + type: array + required: + - assetIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + items: + items: + additionalProperties: false + type: object + properties: + appLink: + type: string + attributes: + additionalProperties: false + type: object + properties: + description: + type: string + service: + type: string + title: + type: string + id: + type: string + type: + type: string + updatedAt: + type: string + required: + - id + - type + - attributes + type: array required: - - lists - - listItems - - is_authenticated - description: Successful response + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Gets list privileges + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Lists API - /api/ml/saved_objects/sync: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync + description: List package categories + operationId: get-fleet-epm-categories parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: experimental + required: false + schema: + type: boolean + - in: query + name: include_policy_templates + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + additionalProperties: false + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - ml - /api/note: - delete: - operationId: DeleteNote + - Elastic Package Manager (EPM) + /api/fleet/epm/custom_integrations: + post: + description: Create custom integration + operationId: post-fleet-epm-custom-integrations + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: + additionalProperties: false + type: object + properties: + datasets: + items: + additionalProperties: false + type: object + properties: + name: type: string - nullable: true - type: array - required: - - noteIds - description: The id of the note to delete. - required: true + type: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + required: + - name + - type + type: array + force: + type: boolean + integrationName: + type: string + required: + - integrationName + - datasets responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: + _meta: + additionalProperties: false type: object - description: Indicates the note was successfully deleted. - summary: Deletes a note from a timeline. + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' + - Elastic Package Manager (EPM) + /api/fleet/epm/data_streams: get: - description: Gets notes - operationId: GetNotes + description: List data streams + operationId: get-fleet-epm-data-streams parameters: - - in: query - name: documentIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - - in: query - name: savedObjectIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' - - in: query - name: page - schema: - nullable: true - type: string - - in: query - name: perPage + - description: The version of the API to use + in: header + name: elastic-api-version schema: - nullable: true + default: '2023-10-31' + enum: + - '2023-10-31' type: string - in: query - name: search + name: type + required: false schema: - nullable: true + enum: + - logs + - metrics + - traces + - synthetics + - profiling type: string - in: query - name: sortField + name: datasetQuery + required: false schema: - nullable: true type: string - in: query name: sortOrder + required: false schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - - in: query - name: createdByFilter - schema: - nullable: true + default: asc + enum: + - asc + - desc type: string - in: query - name: associatedFilter + name: uncategorisedOnly + required: false schema: - $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object - description: Indicates the requested notes were returned. - summary: Get all notes for a given document. - tags: - - Security Timeline API - - 'access:securitySolution' - patch: - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to persist or update along with additional metadata. - required: true - responses: - '200': + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + type: array + required: + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - data: - type: object - properties: - persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote - required: - - persistNote + error: + type: string + message: + type: string + statusCode: + type: number required: - - data - description: Indicates the note was successfully created. - summary: Persists a note to a timeline. + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/osquery/live_queries: + - Data streams + /api/fleet/epm/packages: get: - description: Get a list of all live queries. - operationId: OsqueryFindLiveQueries + description: List packages + operationId: get-fleet-epm-packages parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - in: query - name: query - required: true + name: category + required: false schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live queries - tags: - - Security Osquery API - post: - description: Create and run a live query. - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Osquery API - '/api/osquery/live_queries/{id}': - get: - description: Get the details of a live query using the query ID. - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true + type: string + - in: query + name: prerelease + required: false schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' + type: boolean - in: query - name: query + name: experimental + required: false schema: - additionalProperties: true - type: object + type: boolean + - in: query + name: excludeInstallStatus + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: true + type: object + properties: + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + id: + type: string + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - id + type: array + response: + items: + additionalProperties: true + deprecated: true + type: object + properties: + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + id: + type: string + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - id + type: array + required: + - items + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API - '/api/osquery/live_queries/{id}/results/{actionId}': - get: - description: Get the results of a live query using the query action ID. - operationId: OsqueryGetLiveQueryResults + - Elastic Package Manager (EPM) + post: + description: Install package by upload + operationId: post-fleet-epm-packages parameters: - - in: path - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: path - name: actionId + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' + example: 'true' + type: string - in: query - name: query - required: true + name: ignoreMappingUpdateErrors + required: false schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Osquery API - /api/osquery/packs: - get: - description: Get a list of all query packs. - operationId: OsqueryFindPacks - parameters: + default: false + type: boolean - in: query - name: query - required: true + name: skipDataStreamRollover + required: false schema: - $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs - tags: - - Security Osquery API - post: - description: Create a query pack. - operationId: OsqueryCreatePacks + default: false + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' - required: true + format: binary + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a pack - tags: - - Security Osquery API - '/api/osquery/packs/{id}': - delete: - description: Delete a query pack using the pack ID. - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': + additionalProperties: false + type: object + properties: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a pack + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API - get: - description: Get the details of a query pack using the pack ID. - operationId: OsqueryGetPacksDetails + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: + post: + description: Bulk install packages + operationId: post-fleet-epm-packages-bulk parameters: - - in: path - name: id + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' + example: 'true' + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + name: + type: string + prerelease: + type: boolean + version: + type: string + required: + - name + - version + minItems: 1 + type: array + required: + - packages responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get pack details + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + name: + type: string + result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + - installType + version: + type: string + required: + - name + - version + - result + - additionalProperties: false + type: object + properties: + error: + anyOf: + - type: string + - {} + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + name: + type: string + result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + - installType + version: + type: string + required: + - name + - version + - result + - additionalProperties: false + type: object + properties: + error: + anyOf: + - type: string + - {} + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + type: array + required: + - items + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Osquery API - put: - description: | - Update a query pack using the pack ID. - > info - > You cannot update a prebuilt pack. - operationId: OsqueryUpdatePacks + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgkey}: + delete: + operationId: delete-fleet-epm-packages-pkgkey parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: id + name: pkgkey required: true schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a pack - tags: - - Security Osquery API - /api/osquery/saved_queries: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + required: + - force + responses: {} + summary: '' + tags: [] get: - description: Get a list of all saved queries. - operationId: OsqueryFindSavedQueries + operationId: get-fleet-epm-packages-pkgkey parameters: - - in: query - name: query + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgkey required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved queries - tags: - - Security Osquery API + type: string + - in: query + name: ignoreUnverified + required: false + schema: + type: boolean + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: full + required: false + schema: + type: boolean + - in: query + name: withMetadata + required: false + schema: + default: false + type: boolean + responses: {} + summary: '' + tags: [] post: - description: Create and run a saved query. - operationId: OsqueryCreateSavedQuery + operationId: post-fleet-epm-packages-pkgkey + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgkey + required: true + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: ignoreMappingUpdateErrors + required: false + schema: + default: false + type: boolean + - in: query + name: skipDataStreamRollover + required: false + schema: + default: false + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Osquery API - '/api/osquery/saved_queries/{id}': - delete: - description: Delete a saved query using the query ID. - operationId: OsqueryDeleteSavedQuery + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + required: + - force + responses: {} + summary: '' + tags: [] + put: + operationId: put-fleet-epm-packages-pkgkey parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: id + name: pkgkey required: true schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a saved query - tags: - - Security Osquery API - get: - description: Get the details of a saved query using the query ID. - operationId: OsqueryGetSavedQueryDetails + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate + responses: {} + summary: '' + tags: [] + /api/fleet/epm/packages/{pkgName}/{pkgVersion}: + delete: + description: Delete package + operationId: delete-fleet-epm-packages-pkgname-pkgversion parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string - in: path - name: id + name: pkgName required: true schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Osquery API - put: - description: | - Update a saved query using the query ID. - > info - > You cannot update a prebuilt saved query. - operationId: OsqueryUpdateSavedQuery - parameters: + type: string - in: path - name: id + name: pkgVersion required: true schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + type: string + - in: query + name: force + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a saved query - tags: - - Security Osquery API - /api/pinned_event: - patch: - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to persist or update along with additional metadata. - required: true + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + required: + - force responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse - required: - - persistPinnedEventOnTimeline + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array required: - - data - description: Indicate the event was successfully pinned in the timeline. - summary: Persists a pinned event to a timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': + - items + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API - /api/risk_score/engine/schedule_now: - post: - operationId: ScheduleRiskEngineNow - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: {} - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse - description: Unexpected error - summary: Schedule the risk engine to run as soon as possible + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - Security Entity Analytics API - /api/saved_objects/_bulk_create: - post: - deprecated: true - operationId: bulkCreateSavedObjects + - Elastic Package Manager (EPM) + get: + description: Get package + operationId: get-fleet-epm-packages-pkgname-pkgversion parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: 'When true, overwrites the document with the same identifier.' - in: query - name: overwrite + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: ignoreUnverified + required: false schema: type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. - in: query - name: force + - in: query + name: prerelease + required: false schema: type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects - tags: - - saved objects - /api/saved_objects/_bulk_get: - post: - deprecated: true - operationId: bulkGetSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects - tags: - - saved objects - /api/saved_objects/_bulk_resolve: - post: - deprecated: true - description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects - tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - in: query + name: full + required: false + schema: + type: boolean + - in: query + name: withMetadata + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects - tags: - - saved objects - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: + properties: + item: + additionalProperties: true type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_find: - get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects - parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. - in: query - name: fields - schema: - oneOf: - - type: string - - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. - in: query - name: has_reference - schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator - schema: - type: string - - description: The page of objects to return. - in: query - name: page - schema: - type: integer - - description: The number of objects to return per page. - in: query - name: per_page - schema: - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - in: query - name: sort_field - schema: - type: string - - description: The saved object types to include. - in: query - name: type - required: true - schema: - oneOf: - - type: string - - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/saved_objects/_resolve_import_errors: - post: - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. - in: query - name: createNewCopies - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request - schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: - type: object - properties: - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: type: string - id: - description: The saved object ID. + elasticsearch: + additionalProperties: {} + type: object + format_version: type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: type: boolean - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. + keepPoliciesUpToDate: type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: items: + additionalProperties: false type: object properties: - from: + dark_mode: + type: boolean + path: type: string - to: + size: + type: string + src: + type: string + title: type: string type: type: string + required: + - src type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string type: - description: The saved object type. + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: type: string required: - - type - - id - type: array - required: - - retries - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response - schema: - type: object - properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve import errors - tags: - - saved objects - '/api/saved_objects/{type}': - post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - '/api/saved_objects/{type}/{id}': - get: - deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. + - savedObject + - name + - version + - title + - assets + metadata: + additionalProperties: false + type: object + properties: + has_policies: + type: boolean + required: + - has_policies + response: + additionalProperties: true + deprecated: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - saved objects + - Elastic Package Manager (EPM) post: - deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - operationId: createSavedObjectId + description: Install package from registry + operationId: post-fleet-epm-packages-pkgname-pkgversion parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' - in: query - name: overwrite + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: ignoreMappingUpdateErrors + required: false + schema: + default: false + type: boolean + - in: query + name: skipDataStreamRollover + required: false schema: + default: false type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + nullable: true type: object properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes - required: true + force: + default: false + type: boolean + ignore_constraints: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object - description: Indicates a successful call. - '409': + properties: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + response: + deprecated: true + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object - description: Indicates a conflict error. - summary: Create a saved object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - saved objects + - Elastic Package Manager (EPM) put: - deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject + description: Update package settings + operationId: put-fleet-epm-packages-pkgname-pkgversion parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Update a saved object - tags: - - saved objects - '/api/saved_objects/resolve/{type}/{id}': - get: - deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + properties: + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve a saved object - tags: - - saved objects - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: + properties: + item: + additionalProperties: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + response: + additionalProperties: true + deprecated: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + savedObject: {} + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - savedObject + - name + - version + - title + - assets + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -19876,86 +25563,50 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Apply a bulk action to anonymization fields + required: + - message + summary: '' tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: get: - description: Get a list of all anonymization fields. - operationId: FindAnonymizationFields + description: Get package file + operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false + - in: path + name: pkgName + required: true schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false + type: string + - in: path + name: pkgVersion + required: true schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false + type: string + - in: path + name: filePath + required: true schema: - default: 20 - minimum: 0 - type: integer + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response + schema: {} '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -19964,33 +25615,91 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Get anonymization fields + required: + - message + summary: '' tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete + description: Authorize transforms + operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true + additionalProperties: false + type: object + properties: + transforms: + items: + additionalProperties: false + type: object + properties: + transformId: + type: string + required: + - transformId + type: array + required: + - transforms responses: '200': content: - application/octet-stream; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - format: binary - type: string - description: Indicates a successful call. + items: + additionalProperties: false + type: object + properties: + error: + nullable: true + success: + type: boolean + transformId: + type: string + required: + - transformId + - success + - error + type: array '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -19999,34 +25708,53 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Create a model response + required: + - message + summary: '' tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/stats: + get: + description: Get package stats + operationId: get-fleet-epm-packages-pkgname-stats + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgName + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. + additionalProperties: false + type: object + properties: + response: + additionalProperties: false + type: object + properties: + agent_policy_count: + type: number + required: + - agent_policy_count + required: + - response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20035,86 +25763,152 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Create a conversation + required: + - message + summary: '' tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/installed: get: - description: Get a list of all conversations for the current user. - operationId: FindConversations + description: Get installed packages + operationId: get-fleet-epm-packages-installed parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string - in: query - name: fields + name: dataStreamType required: false schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + - in: query + name: showOnlyActiveDataStreams required: false schema: - type: string - - description: Field to sort by - in: query - name: sort_field + type: boolean + - in: query + name: nameQuery required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order + type: string + - in: query + name: searchAfter required: false schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page + items: + anyOf: + - type: string + - type: number + type: array + - in: query + name: perPage required: false schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page + default: 15 + type: number + - in: query + name: sortOrder required: false schema: - default: 20 - minimum: 0 - type: integer + default: asc + enum: + - asc + - desc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: + items: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + additionalProperties: false + type: object + properties: + dataStreams: + items: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + required: + - name + - title + type: array + description: + type: string + icons: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + name: + type: string + status: + type: string + title: + type: string + version: + type: string + required: + - name + - version + - status + - dataStreams + type: array + searchAfter: + items: + anyOf: + - type: string + - type: number + - type: boolean + - enum: [] + nullable: true + - {} type: array - page: - type: integer - perPage: - type: integer total: - type: integer + type: number required: - - page - - perPage + - items - total - - data - description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20123,34 +25917,49 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Get conversations + required: + - message + summary: '' tags: - - Security AI Assistant API - - Conversations API - '/api/security_ai_assistant/current_user/conversations/{id}': - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/limited: + get: + description: Get limited package list + operationId: get-fleet-epm-packages-limited parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + response: + deprecated: true + items: + type: string + type: array + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20159,33 +25968,106 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Delete a conversation + required: + - message + summary: '' tags: - - Security AI Assistant API - - Conversation API + - Elastic Package Manager (EPM) + /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation + description: Get inputs template + operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs parameters: - - description: The conversation's `id` value. - in: path - name: id + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: pkgName required: true schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + default: json + enum: + - json + - yml + - yaml + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: ignoreUnverified + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + inputs: + items: + additionalProperties: false + type: object + properties: + id: + type: string + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + required: + - id + - type + type: array + required: + - inputs '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20194,40 +26076,43 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Get a conversation + required: + - message + summary: '' tags: - - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation + - Elastic Package Manager (EPM) + /api/fleet/epm/verification_key_id: + get: + description: Get a package signature verification key ID + operationId: get-fleet-epm-verification-key-id parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true + - description: The version of the API to use + in: header + name: elastic-api-version schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true + default: '2023-10-31' + enum: + - '2023-10-31' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. + additionalProperties: false + type: object + properties: + id: + nullable: true + type: string + required: + - id '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20236,58 +26121,185 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Update a conversation + required: + - message + summary: '' tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: + - Elastic Package Manager (EPM) + /api/fleet/fleet_server_hosts: + get: + description: List Fleet Server hosts + operationId: get-fleet-fleet-server-hosts + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: + items: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet Server hosts + post: + description: Create Fleet Server host + operationId: post-fleet-fleet-server-hosts + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + host_urls: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: string + minItems: 1 type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - name + - host_urls responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20296,86 +26308,54 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Apply a bulk action to prompts + required: + - message + summary: '' tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Get a list of all prompts. - operationId: FindPrompts + - Fleet Server hosts + /api/fleet/fleet_server_hosts/{itemId}: + delete: + description: Delete Fleet Server host by ID + operationId: delete-fleet-fleet-server-hosts-itemid parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false + example: 'true' + type: string + - in: path + name: itemId + required: true schema: - default: 20 - minimum: 0 - type: integer + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer + id: + type: string required: - - page - - perPage - - total - - data - description: Successful response + - id '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: error: @@ -20384,14 +26364,14 @@ paths: type: string statusCode: type: number - description: Generic Error - summary: Get prompts + required: + - message + summary: '' tags: - - Security AI Assistant API - - Prompts API - /api/security/role: + - Fleet Server hosts get: - operationId: '%2Fapi%2Fsecurity%2Frole#0' + description: Get Fleet Server host by ID + operationId: get-fleet-fleet-server-hosts-itemid parameters: - description: The version of the API to use in: header @@ -20401,24 +26381,71 @@ paths: enum: - '2023-10-31' type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. - in: query - name: replaceDeprecatedPrivileges - required: false + - in: path + name: itemId + required: true schema: - type: boolean + type: string responses: '200': - description: Indicates a successful call. - summary: Get all roles + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - roles - '/api/security/role/{name}': - delete: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1' + - Fleet Server hosts + put: + description: Update Fleet Server host by ID + operationId: put-fleet-fleet-server-hosts-itemid parameters: - description: The version of the API to use in: header @@ -20436,19 +26463,94 @@ paths: example: 'true' type: string - in: path - name: name + name: itemId required: true schema: - minLength: 1 type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - proxy_id responses: - '204': - description: Indicates a successful call. - summary: Delete a role + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - roles - get: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0' + - Fleet Server hosts + /api/fleet/health_check: + post: + description: Check Fleet Server health + operationId: post-fleet-health-check parameters: - description: The version of the API to use in: header @@ -20458,33 +26560,143 @@ paths: enum: - '2023-10-31' type: string - - description: The role name. - in: path - name: name + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf required: true schema: - minLength: 1 + example: 'true' type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. - in: query - name: replaceDeprecatedPrivileges + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + required: + - id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + host: + deprecated: true + type: string + host_id: + type: string + name: + type: string + status: + type: string + required: + - status + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/kubernetes: + get: + description: Get full K8s agent manifest + operationId: get-fleet-kubernetes + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: download required: false schema: type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string responses: '200': - description: Indicates a successful call. - summary: Get a role + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + type: string + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - roles - put: - description: >- - Create a new Kibana role or update the attributes of an existing role. - Kibana roles are stored in the Elasticsearch native realm. - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' + - Elastic Agent policies + /api/fleet/kubernetes/download: + get: + operationId: get-fleet-kubernetes-download parameters: - description: The version of the API to use in: header @@ -20494,280 +26706,66 @@ paths: enum: - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - in: query + name: download + required: false schema: - example: 'true' - type: string - - description: The role name. - in: path - name: name - required: true + type: boolean + - in: query + name: fleetServer + required: false schema: - maxLength: 1024 - minLength: 1 type: string - - description: 'When true, a role is not overwritten if it already exists.' - in: query - name: createOnly + - in: query + name: enrolToken required: false schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: >- - The document fields that the role members have - read access to. - type: string - type: array - type: object - names: - items: - description: >- - The data streams, indices, and aliases to which - the permissions in this entry apply. It supports - wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that the role members - have for the data streams and indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The cluster level privileges for the remote - cluster. The allowed values are a subset of the - cluster privileges. - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - will cover the restricted indices too. - type: boolean - clusters: - items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: >- - The document fields that the role members have - read access to. - type: string - type: array - type: object - names: - items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that role members - have for the specified indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: >- - A base privilege that grants applies to all - spaces. - type: string - type: array - - items: - description: >- - A base privilege that applies to specific - spaces. - type: string - type: array - feature: - additionalProperties: - items: - description: >- - The privileges that the role member has for the - feature. - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch + type: string responses: - '204': - description: Indicates a successful call. - summary: Create or update a role + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: string + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - roles - /api/security/roles: + - Elastic Agent policies + /api/fleet/logstash_api_keys: post: - operationId: '%2Fapi%2Fsecurity%2Froles#0' + description: Generate Logstash API key + operationId: post-fleet-logstash-api-keys parameters: - description: The version of the API to use in: header @@ -20784,209 +26782,555 @@ paths: schema: example: 'true' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + api_key: + type: string + required: + - api_key + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + /api/fleet/message_signing_service/rotate_key_pair: + post: + description: Rotate fleet message signing key pair + operationId: post-fleet-message-signing-service-rotate-key-pair + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: acknowledge + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Message Signing Service + /api/fleet/outputs: + get: + description: List outputs + operationId: get-fleet-outputs + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true type: string - type: array - indices: - items: - additionalProperties: false + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true type: object properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field covers the restricted - indices too. + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true type: boolean - field_security: - additionalProperties: - items: - description: >- - The document fields that the role - members have read access to. - type: string - type: array - type: object - names: - items: - description: >- - The data streams, indices, and aliases to - which the permissions in this entry apply. - It supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that the role - members have for the data streams and - indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role members. + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true type: object properties: - clusters: + certificate: + type: string + certificate_authorities: items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The cluster level privileges for the - remote cluster. The allowed values are a - subset of the cluster privileges. type: string - minItems: 1 type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true type: object properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field will cover the restricted - indices too. + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true type: boolean - clusters: + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. type: string - minItems: 1 type: array - field_security: - additionalProperties: - items: - description: >- - The document fields that the role - members have read access to. - type: string - type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true type: object - names: - items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: items: - description: >- - The index level privileges that role - members have for the specified indices. type: string - minItems: 1 type: array - query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role - members. + key: type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - description: >- - A user name that the role member can - impersonate. + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash type: string - type: array - kibana: - items: - additionalProperties: false + required: + - name + - type + - hosts + - additionalProperties: true type: object properties: - base: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: anyOf: - items: {} type: array @@ -20996,156 +27340,312 @@ paths: - type: string nullable: true oneOf: - - items: - description: >- - A base privilege that grants applies to - all spaces. - type: string + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} type: array - - items: - description: >- - A base privilege that applies to specific - spaces. + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} type: array - feature: - additionalProperties: - items: - description: >- - The privileges that the role member has for - the feature. + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 type: string - type: array + secrets: + additionalProperties: true type: object - spaces: - anyOf: - - items: - enum: - - '*' + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: type: string - maxItems: 1 - minItems: 1 type: array - - items: - description: A space that the privilege applies to. + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} type: array - default: - - '*' + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles - responses: - '200': - description: Indicates a successful call. - summary: Create or update roles - tags: - - roles - /api/spaces/_copy_saved_objects: - post: - description: >- - It also allows you to automatically copy related objects, so when you - copy a dashboard, this can automatically copy over the associated - visualizations, data views, and saved searches, as required. You can - request to overwrite any objects that already exist in the target space - if they share an identifier or you can use the resolve copy saved - objects conflicts API to do this on a per-object basis. - operationId: '%2Fapi%2Fspaces%2F_copy_saved_objects#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - description: >- - Apply various adjustments to the saved objects that are - being copied to maintain compatibility between different - Kibana versions. Use this option only if you encounter - issues with copied saved objects. This option cannot be used - with the `createNewCopies` option. - type: boolean - createNewCopies: - default: true - description: >- - Create new copies of saved objects, regenerate each object - identifier, and reset the origin. When used, potential - conflict errors are avoided. This option cannot be used - with the `overwrite` and `compatibilityMode` options. - type: boolean - includeReferences: - default: false - description: >- - When set to true, all saved objects related to the specified - saved objects will also be copied into the target spaces. - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to copy. - type: string - type: - description: The type of the saved object to copy. - type: string - required: - - type - - id - type: array - overwrite: - default: false - description: >- - When set to true, all conflicts are automatically - overridden. When a saved object with a matching type and - identifier exists in the target space, that version is - replaced with the version from the source space. This option - cannot be used with the `createNewCopies` option. - type: boolean - spaces: - items: - description: >- - The identifiers of the spaces where you want to copy the - specified objects. + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: type: string - type: array - required: - - spaces - - objects - responses: {} - summary: Copy saved objects between spaces + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - spaces - /api/spaces/_disable_legacy_url_aliases: + - Fleet outputs post: - operationId: '%2Fapi%2Fspaces%2F_disable_legacy_url_aliases#0' + description: Create output + operationId: post-fleet-outputs parameters: - description: The version of the API to use in: header @@ -21166,302 +27666,1446 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - aliases: - items: - additionalProperties: false - type: object - properties: - sourceId: - description: >- - The alias source object identifier. This is the legacy - object identifier. + anyOf: + - additionalProperties: false + type: object + properties: + allow_edit: + items: type: string - targetSpace: - description: The space where the alias target object exists. + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri type: string - targetType: - description: 'The type of alias target object. ' - type: string - required: - - targetSpace - - targetType - - sourceId - type: array - required: - - aliases - responses: {} - summary: Disable legacy URL aliases - tags: - - spaces - /api/spaces/_get_shareable_references: - post: - description: Collect references and space contexts for saved objects. - operationId: '%2Fapi%2Fspaces%2F_get_shareable_references#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - required: - - objects - responses: {} - summary: Get shareable references - tags: - - spaces - /api/spaces/_resolve_copy_saved_objects_errors: - post: - description: >- - Overwrite saved objects that are returned as errors from the copy saved - objects to space API. - operationId: '%2Fapi%2Fspaces%2F_resolve_copy_saved_objects_errors#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - type: boolean - createNewCopies: - default: true - type: boolean - includeReferences: - default: false - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: type: string - type: + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri type: string - required: - - type - - id - type: array - retries: - additionalProperties: - items: + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: additionalProperties: false type: object properties: - createNewCopy: - description: >- - Creates new copies of the saved objects, regenerates - each object ID, and resets the origin. + service_token: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true type: boolean - destinationId: - description: >- - Specifies the destination identifier that the copied - object should have, if different from the current - identifier. + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true type: string - id: - description: The saved object identifier. + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: type: string - ignoreMissingReferences: - description: >- - When set to true, any missing references errors are - ignored. + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true type: boolean - overwrite: + disk_queue_enabled: default: false - description: >- - When set to true, the saved object from the source - space overwrites the conflicting object in the - destination space. + nullable: true type: boolean - type: - description: The saved object type. + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number required: - - type - - id - type: array + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: false type: object - required: - - retries - - objects - responses: {} - summary: Resolve conflicts copying saved objects - tags: [] - /api/spaces/_update_objects_spaces: - post: - description: Update one or more saved objects to add or remove them from some spaces. - operationId: '%2Fapi%2Fspaces%2F_update_objects_spaces#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to update. + properties: + allow_edit: + items: type: string - type: - description: The type of the saved object to update. + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: type: string - required: - - type - - id - type: array - spacesToAdd: - items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. - type: string - type: array - spacesToRemove: - items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. - type: string - type: array - required: - - objects - - spacesToAdd - - spacesToRemove - responses: {} - summary: Update saved objects in spaces - tags: - - spaces - /api/spaces/space: - get: - operationId: '%2Fapi%2Fspaces%2Fspace#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: '%2Fapi%2Fspaces%2Fspace#1' + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: false + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: false + type: object + properties: + password: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: false + type: object + properties: + topic: + type: string + when: + additionalProperties: false + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}: + delete: + description: Delete output by ID + operationId: delete-fleet-outputs-outputid parameters: - description: The version of the API to use in: header @@ -21478,111 +29122,61 @@ paths: schema: example: 'true' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - '/api/spaces/space/{id}': - delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. - in: path - name: id + - in: path + name: outputId required: true schema: type: string responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message '404': - description: Indicates that the request failed. - summary: Delete a space + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - spaces + - Fleet outputs get: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' + description: Get output by ID + operationId: get-fleet-outputs-outputid parameters: - description: The version of the API to use in: header @@ -21592,20 +29186,747 @@ paths: enum: - '2023-10-31' type: string - - description: The space identifier. - in: path - name: id + - in: path + name: outputId required: true schema: type: string responses: '200': - description: Indicates a successful call. - summary: Get a space + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - spaces + - Fleet outputs put: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + description: Update output by ID + operationId: put-fleet-outputs-outputid parameters: - description: The version of the API to use in: header @@ -21622,11 +29943,8 @@ paths: schema: example: 'true' type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. - in: path - name: id + - in: path + name: outputId required: true schema: type: string @@ -21634,9449 +29952,18491 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Update a space - tags: - - spaces - /api/status: - get: - operationId: '%2Fapi%2Fstatus#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /api/timeline: - delete: - operationId: DeleteTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines - items: - type: string - type: array - required: - - savedObjectIds - description: The ids of the timelines or timeline templates to delete. - required: true + anyOf: + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: false + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: false + type: object + properties: + password: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: false + type: object + properties: + topic: + type: string + when: + additionalProperties: false + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - compression_level + - connection_type + - username + - password responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data - description: Indicates the timeline was successfully deleted. - summary: Deletes one or more timelines or timeline templates. - tags: - - Security Timeline API - - 'access:securitySolution' - get: - operationId: GetTimeline - parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to retrieve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: + item: + anyOf: + - additionalProperties: true type: object properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string required: - - getOneTimeline - required: - - data - - additionalProperties: false - type: object - description: Indicates that the (template) timeline was found and returned. - summary: >- - Get an existing saved timeline or timeline template. This API is used to - retrieve an existing saved timeline or timeline template. - tags: - - Security Timeline API - - 'access:securitySolution' - patch: - description: >- - Updates an existing timeline. This API is used to update the title, - description, date range, pinned events, pinned queries, and/or pinned - saved queries of an existing timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The timeline updates along with the timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '405': + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + items: + additionalProperties: true + type: object + properties: + topic: + type: string + when: + additionalProperties: true + type: object + properties: + condition: + type: string + type: + enum: + - equals + - contains + - regexp + type: string + required: + - topic + minItems: 1 + type: array + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: type: string - statusCode: - type: number - description: >- - Indicates that the user does not have the required access to create - a draft timeline. - summary: Updates an existing timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - post: - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required timeline fields used to create a new timeline along with - optional fields that will be created if not provided. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates the timeline was successfully created. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: + message: type: string statusCode: type: number - description: Indicates that there was an error in the timeline creation. - summary: Creates a new timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_copy: - get: - description: | - Copies and returns a timeline or timeline template. - operationId: CopyTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the timeline has been successfully copied. - summary: Copies timeline or timeline template + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_draft: + - Fleet outputs + /api/fleet/outputs/{outputId}/health: get: - operationId: GetDraftTimelines + description: Get latest output health + operationId: get-fleet-outputs-outputid-health parameters: - - in: query - name: timelineType + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: outputId required: true schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the draft timeline was successfully retrieved. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: + additionalProperties: false type: object properties: message: + description: long message if unhealthy type: string - status_code: - type: number - description: >- - If a draft timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft timeline. - '409': + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + required: + - state + - message + - timestamp + '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: + error: + type: string message: type: string - status_code: - type: number - description: >- - This should never happen, but if a draft timeline was not found and - we attempted to create one, it indicates that there is already a - draft timeline with the given timelineId. - summary: >- - Retrieves the draft timeline for the current user. If the user does not - have a draft timeline, an empty timeline is returned. - tags: - - Security Timeline API - - 'access:securitySolution' - post: - description: > - Retrieves a clean draft timeline. If a draft timeline does not exist, it - is created and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType - description: >- - The type of timeline to create. Valid values are `default` and - `template`. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft timeline was successfully created. In the - event the user already has a draft timeline, the existing draft - timeline is cleared and returned. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft timeline. - '409': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that there is already a draft timeline with the given - timelineId. - summary: Retrieves a draft timeline or timeline template. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_export: - post: - operationId: ExportTimelines - parameters: - - description: The name of the file to export - in: query - name: file_name - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The ids of the timelines to export - required: true - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: NDJSON of the exported timelines - type: string - description: Indicates the timelines were successfully exported - '400': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string statusCode: type: number - description: Indicates that the export size limit was exceeded - summary: Exports timelines as an NDJSON file - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_favorite: - patch: - operationId: PersistFavoriteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) timeline. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse - required: - - persistFavorite required: - - data - description: Indicates the favorite status was successfully updated. - '403': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Persists a given users favorite status of a timeline. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_import: - post: - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: {} - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - file - description: The timelines to import as a readable stream. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the import of timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: >- - Indicates the import of timelines was unsuccessful because of an - invalid file extension. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - statusCode: - type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of timelines was unsuccessful. - summary: Imports timelines. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/_prepackaged: - post: - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The timelines to install or update. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the installation of prepackaged timelines was successful. - '500': - content: - 'application:json; Elastic-Api-Version=2023-10-31': - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the installation of prepackaged timelines was - unsuccessful. - summary: Installs prepackaged timelines. - tags: - - Security Timeline API - - 'access:securitySolution' - /api/timeline/resolve: - get: - operationId: ResolveTimeline - parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to resolve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline - required: - - data - - additionalProperties: false - type: object - description: The (template) timeline has been found - '400': - description: The request is missing parameters - '404': - description: The (template) timeline was not found - summary: Get an existing saved timeline or timeline template. + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - /api/timelines: + - Fleet outputs + /api/fleet/package_policies: get: - operationId: GetTimelines + description: List package policies + operationId: get-fleet-package-policies parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - 'true' - - 'false' - nullable: true + - '2023-10-31' type: string - in: query - name: timeline_type + name: page + required: false schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true + type: number - in: query - name: sort_field + name: perPage + required: false schema: - $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' + type: number - in: query - name: sort_order + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false schema: enum: - - asc - desc + - asc type: string - in: query - name: page_size + name: showUpgradeable + required: false schema: - nullable: true - type: string + type: boolean - in: query - name: page_index + name: kuery + required: false schema: - nullable: true type: string - in: query - name: search + name: format + required: false schema: - nullable: true + enum: + - simplified + - legacy type: string - in: query - name: status + name: withAgentCount + required: false schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - customTemplateTimelineCount: + items: + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration + documentation to know what streams are + available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine + procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + page: type: number - defaultTimelineCount: + perPage: type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timeline: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - type: array - totalCount: + total: type: number required: - - timeline - - totalCount - description: Indicates that the (template) timelines were found and returned. + - items + - total + - page + - perPage '400': content: - 'application:json; Elastic-Api-Version=2023-10-31': + application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false + description: Generic Error type: object properties: - body: + error: + type: string + message: type: string statusCode: type: number - description: Bad request. The user supplied invalid data. - summary: >- - This API is used to retrieve a list of existing saved timelines or - timeline templates. + required: + - message + summary: '' tags: - - Security Timeline API - - 'access:securitySolution' - '/s/{spaceId}/api/observability/slos': - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp + - Fleet package policies + post: + description: Create package policy + operationId: post-fleet-package-policies parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' + enum: + - '2023-10-31' type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining + example: 'true' type: string - - description: Sort order - example: asc - in: query - name: sortDirection + - in: query + name: format + required: false schema: - default: asc enum: - - asc - - desc + - simplified + - legacy type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string + anyOf: + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + description: >- + Force package policy creation even if package is not + verified, or if the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + required: + - type + - enabled + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the + agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation for more + information) + type: object + required: + - name + - inputs + - additionalProperties: false + type: object + properties: + description: + type: string + force: + type: boolean + id: + type: string + inputs: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default to + true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Input streams (see integration documentation to + know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration documentation to + know what inputs are available) + type: object + name: + type: string + namespace: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + nullable: true + type: string + policy_ids: + items: + type: string + type: array + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + required: + - name + - package + description: >- + You should use inputs as an object and not use the deprecated + inputs array. responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration documentation + to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp + - Fleet package policies + /api/fleet/package_policies/_bulk_get: + post: + description: Bulk get package policies + operationId: post-fleet-package-policies-bulk-get parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration + documentation to know what streams are + available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine + procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required: + - items '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp + - Fleet package policies + /api/fleet/package_policies/{packagePolicyId}: + delete: + description: Delete package policy by ID + operationId: delete-fleet-package-policies-packagepolicyid parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: force + required: false + schema: + type: boolean responses: - '204': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp + - Fleet package policies + get: + description: Get package policy by ID + operationId: get-fleet-package-policies-packagepolicyid parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string responses: '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration documentation + to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' tags: - - slo -components: - examples: - Alerting_get_health_response: - summary: Retrieve information about the health of the alerting framework. - value: - alerting_framework_health: - decryption_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - execution_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - read_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - has_permanent_encryption_key: true - is_sufficiently_secure: true - Alerting_get_rule_types_response: - summary: Retrieve rule types associated with Kibana machine learning features - value: - - action_groups: - - id: anomaly_score_match - name: Anomaly score matched the condition - - id: recovered - name: Recovered - action_variables: - context: - - description: The bucket timestamp of the anomaly - name: timestamp - - description: The bucket time of the anomaly in ISO8601 format - name: timestampIso8601 - - description: List of job IDs that triggered the alert - name: jobIds - - description: Alert info message - name: message - - description: Indicate if top hits contain interim results - name: isInterim - - description: Anomaly score at the time of the notification action - name: score - - description: Top records - name: topRecords - - description: Top influencers - name: topInfluencers - - description: URL to open in the Anomaly Explorer - name: anomalyExplorerUrl - useWithTripleBracesInTemplates: true - params: [] - state: [] - alerts: - context: ml.anomaly-detection - mappings: - fieldMap: - kibana.alert.anomaly_score: - array: false - type: double - required: false - kibana.alert.anomaly_timestamp: - array: false - type: date - required: false - kibana.alert.is_interim: - array: false - type: boolean - required: false - kibana.alert.job_id: - array: false - type: keyword - required: true - kibana.alert.top_influencers: - array: true - dynamic: false + - Fleet package policies + put: + description: Update package policy by ID + operationId: put-fleet-package-policies-packagepolicyid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - additionalProperties: false type: object properties: - influencer_field_name: - type: keyword - influencer_field_value: - type: keyword - influencer_score: - type: double - initial_influencer_score: - type: double - is_interim: + description: + description: Package policy description + type: string + enabled: type: boolean - job_id: - type: keyword - timestamp: - type: date - required: false - kibana.alert.top_records: - array: true - dynamic: false - type: object - properties: - actual: - type: double - by_field_name: - type: keyword - by_field_value: - type: keyword - detector_index: - type: integer - field_name: - type: keyword - function: - type: keyword - initial_record_score: - type: double - is_interim: + force: type: boolean - job_id: - type: keyword - over_field_name: - type: keyword - over_field_value: - type: keyword - partition_field_name: - type: keyword - partition_field_value: - type: keyword - record_score: - type: double - timestamp: - type: date - typical: - type: double - required: false - shouldWrite: true - authorized_consumers: - alerts: - all: true - read: true - apm: - all: true - read: true - discover: - all: true - read: true - infrastructure: - all: true - read: true - logs: - all: true - read: true - ml: - all: true - read: true - monitoring: - all: true - read: true - siem: - all: true - read: true - slo: - all: true - read: true - stackAlerts: - all: true - read: true - uptime: - all: true - read: true - category: management - default_action_group_id: anomaly_score_match - does_set_recovery_context: true - enabled_in_license: true - has_alerts_mappings: true - has_fields_for_a_a_d: false - id: xpack.ml.anomaly_detection_alert - is_exportable: true - minimum_license_required: platinum - name: Anomaly detection alert - producer: ml - recovery_action_group: - id: recovered - name: Recovered - rule_task_timeout: 5m - - action_groups: - - id: anomaly_detection_realtime_issue - name: Issue detected - - id: recovered - name: Recovered - action_variables: - context: - - description: Results of the rule execution - name: results - - description: Alert info message - name: message - params: [] - state: [] - authorized_consumers: - alerts: - all: true - read: true - apm: - all: true - read: true - discover: - all: true - read: true - infrastructure: - all: true - read: true - logs: - all: true - read: true - ml: - all: true - read: true - monitoring: - all: true - read: true - siem: - all: true - read: true - slo: - all: true - read: true - stackAlerts: - all: true - read: true - uptime: - all: true - read: true - category: management - default_action_group_id: anomaly_detection_realtime_issue - does_set_recovery_context: true - enabled_in_license: true - has_alerts_mappings: false - has_fields_for_a_a_d: false - id: xpack.ml.anomaly_detection_jobs_health - is_exportable: true - minimum_license_required: platinum - name: Anomaly detection jobs health - producer: ml - recovery_action_group: - id: recovered - name: Recovered - rule_task_timeout: 5m - Cases_add_comment_request: - summary: Adds a comment to a case. - value: - comment: A new comment. - owner: cases - type: user - Cases_add_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. - value: - assignees: [] - category: null - closed_at: null - closed_by: null - comments: - - comment: A new comment. - created_at: '2022-10-02T00:49:47.716Z' - created_by: - email: null - full_name: null - username: elastic - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: cases - type: user - version: WzIwNDMxLDFd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2022-03-24T00:37:03.906Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: Field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: true - description: A case description. - duration: null - external_service: null - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - owner: cases - settings: - syncAlerts: false - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 1 - updated_at: '2022-06-03T00:49:47.716Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzIzMzgsMV0= - Cases_create_case_request: - summary: Create a security case that uses a Jira connector. - value: - connector: - fields: - issueType: '10006' - parent: null - priority: High - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - description: A case description. - owner: cases - settings: - syncAlerts: true - tags: - - tag-1 - title: Case title 1 - Cases_create_case_response: - summary: >- - The create case API returns a JSON object that contains details about - the case. - value: - assignees: [] - closed_at: null - closed_by: null - comments: [] - connector: - fields: - issueType: '10006' - parent: null - priority: High - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - created_at: '2022-10-13T15:33:50.604Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: A case description. - duration: null - external_service: null - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 0 - updated_at: null - updated_by: null - version: WzUzMiwxXQ== - Cases_find_case_activity_response: - summary: Retrieves all activity for a case - value: - page: 1 - perPage: 20 - total: 3 - userActions: - - action: create - comment_id: null - created_at: '2023-10-20T01:17:22.150Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: b4cd0770-07c9-11ed-a5fd-47154cb8767e - owner: cases - payload: - assignees: [] - category: null - connector: - fields: null - id: none - name: none - type: .none - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: A case description. - owner: cases - settings: - syncAlerts: false - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - type: create_case - version: WzM1ODg4LDFd - - action: create - comment_id: 578608d0-03b1-11ed-920c-974bfa104448 - created_at: '2023-10-14T20:12:53.354Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 57af14a0-03b1-11ed-920c-974bfa104448 - owner: cases - payload: - comment: A new comment - owner: cases - type: user - type: comment - version: WzM1ODg4LDFa - - action: add - comment_id: null - created_at: '2023-10-20T01:10:28.238Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 573c6980-6123-11ed-aa41-81a0a61fe447 - owner: cases - payload: - assignees: - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - type: assignees - version: WzM1ODg4LDFb - Cases_find_case_response: - summary: >- - Retrieve the first five cases with the `tag-1` tag, in ascending order - by last update time. - value: - cases: - - assignees: [] - category: null - closed_at: null - closed_by: null - comments: [] - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-10-12T00:16:36.371Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: Case description - duration: null - external_service: null - id: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag-1 - title: Case title - totalAlerts: 0 - totalComment: 1 - updated_at: '2023-10-12T00:27:58.162Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzExMCwxXQ== - count_closed_cases: 0 - count_in_progress_cases: 0 - count_open_cases: 1 - page: 1 - per_page: 5 - total: 1 - Cases_find_connector_response: - summary: Retrieve information about the connectors and their settings. - value: - - actionTypeId: .jira - config: - apiUrl: 'https://elastic.atlassian.net/' - projectKey: ES - id: 61787f53-4eee-4741-8df6-8fe84fa616f7 - isDeprecated: false - isMissingSecrets: false - isPreconfigured: false - name: my-Jira - referencedByCount: 0 - Cases_get_case_alerts_response: - summary: Retrieves all alerts attached to a case - value: - - attached_at: '2022-07-25T20:09:40.963Z' - id: f6a7d0c3-d52d-432c-b2e6-447cd7fce04d - index: .alerts-observability.logs.alerts-default - Cases_get_case_configuration_response: - summary: Get the case configuration. - value: - - closure_type: close-by-user - connector: - fields: null - id: none - name: none - type: .none - created_at: '2024-07-01T17:07:17.767Z' - created_by: - email: null - full_name: null - username: elastic - customFields: - - defaultValue: Custom text field value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: false - error: null - id: 856ee650-6c82-11ee-a20a-6164169afa58 - mappings: [] - owner: cases - templates: - - caseFields: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: Default-category - connector: - fields: null - id: none - name: none - type: .none - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: Default text field value. - description: A default description for cases. - settings: - syncAlerts: false - tags: - - Default case tag - title: Default case title - description: A description of the template. - key: 505932fe-ee3a-4960-a661-c781b5acdb05 - name: template-1 - tags: - - Template tag 1 - updated_at: null - updated_by: null - version: WzEyLDNd - Cases_get_case_observability_response: - summary: >- - Retrieves information about an Observability case including its alerts - and comments. - value: - assignees: - - uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - category: null - closed_at: null - closed_by: null - comments: - - alertId: - - a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - created_at: '2023-11-06T19:29:38.424Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 59d438d0-79a9-4864-8d4b-e63adacebf6e - index: - - .internal.alerts-observability.logs.alerts-default-000001 - owner: observability - pushed_at: null - pushed_by: null - rule: - id: 03e4eb87-62ca-4e5d-9570-3d7625e9669d - name: Observability rule - type: alert - updated_at: null - updated_by: null - version: WzY3LDJd - - comment: The first comment. - created_at: '2023-11-06T19:29:57.812Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: d99342d3-3aa3-4b80-90ec-a702607604f5 - owner: observability - pushed_at: null - pushed_by: null - type: user - updated_at: null - updated_by: null - version: WzcyLDJd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-11-06T19:29:04.086Z' - created_by: - email: null - full_name: null - username: elastic - customFields: [] - description: An Observability case description. - duration: null - external_service: null - id: c3ff7550-def1-4e90-b6bc-c9969a4a09b1 - owner: observability - settings: - syncAlerts: false - severity: low - status: in-progress - tags: - - observability - - tag 1 - title: Observability case title 1 - totalAlerts: 1 - totalComment: 1 - updated_at: '2023-11-06T19:47:55.662Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzI0NywyXQ== - Cases_get_case_response: - summary: Retrieves information about a case including its comments. - value: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: null - closed_at: null - closed_by: null - comments: - - comment: A new comment - created_at: '2023-10-13T15:40:32.335Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa - owner: cases - pushed_at: null - pushed_by: null - type: user - updated_at: null - updated_by: null - version: WzM3LDFd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-10-13T15:33:50.604Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: null - description: A case description - duration: null - external_service: null - id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 1 - updated_at: '2023-10-13T15:40:32.335Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzM2LDFd - Cases_get_comment_response: - summary: A single user comment retrieved from a case - value: - comment: A new comment - created_at: '2023-10-07T19:32:13.104Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 8048b460-fe2b-11ec-b15d-779a7c8bbcc3 - owner: cases - pushed_at: null - pushed_by: null - type: user - updated_at: null - updated_by: null - version: WzIzLDFd - Cases_get_reporters_response: - summary: A list of two users that opened cases - value: - - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - - email: jdoe@example.com - full_name: Jane Doe - profile_uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - username: jdoe - Cases_get_tags_response: - summary: A list of tags that are used in cases - value: - - observability - - security - - tag 1 - - tag 2 - Cases_push_case_response: - summary: >- - The push case API returns a JSON object with details about the case and - the external service. - value: - closed_at: null - closed_by: null - comments: [] - connector: - fields: - issueType: '10006' - parent: null - priority: Low - id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 - name: My connector - type: .jira - created_at: '2022-07-29T00:59:39.444Z' - created_by: - email: null - full_name: null - username: elastic - description: A case description. - duration: null - external_service: - connector_id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 - connector_name: My connector - external_id: '71926' - external_title: ES-554 - external_url: 'https://cases.jira.com' - pushed_at: '2022-07-29T01:20:58.436Z' - pushed_by: - email: null - full_name: null - username: elastic - id: b917f300-0ed9-11ed-bd18-65557fe66949 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 0 - updated_at: '2022-07-29T01:20:58.436Z' - updated_by: - email: null - full_name: null - username: elastic - version: WzE3NjgsM10= - Cases_set_case_configuration_request: - summary: >- - Set the closure type, custom fields, and default connector for Stack - Management cases. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - customFields: - - defaultValue: My custom field default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: false - owner: cases - templates: - - caseFields: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: Default-category - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: A text field value for the template. - description: A default description for cases. - tags: - - Default case tag - title: Default case title - description: A description of the template. - key: 505932fe-ee3a-4960-a661-c781b5acdb05 - name: template-1 - tags: - - Template tag 1 - Cases_set_case_configuration_response: - summary: This is an example response for case settings. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - created_at: '2024-07-01T17:07:17.767Z' - created_by: - email: 'null,' - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - defaultValue: My custom field default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: false - error: null - id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - - action_type: overwrite - source: title - target: summary - - action_type: overwrite - source: description - target: description - - action_type: append - source: comments - target: comments - - action_type: overwrite - source: tags - target: labels - owner: cases - templates: - - caseFields: - assignees: - - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - category: Default-category - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: A text field value for the template. - description: A default description for cases. - tags: - - Default case tag - title: Default case title - description: A description of the template. - key: 505932fe-ee3a-4960-a661-c781b5acdb05 - name: template-1 - tags: - - Template tag 1 - updated_at: null - updated_by: null - version: WzIwNzMsMV0= - Cases_update_case_configuration_request: - summary: Update the case settings. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - customFields: - - defaultValue: A new default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: true - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - label: my-toggle - type: toggle - required: false - version: WzExOSw0XQ== - Cases_update_case_configuration_response: - summary: This is an example response when the case configuration was updated. - value: - closure_type: close-by-user - connector: - fields: null - id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 - name: my-jira-connector - type: .jira - created_at: '2024-07-01T17:07:17.767Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - defaultValue: A new default value. - key: d312efda-ec2b-42ec-9e2c-84981795c581 - label: my-text-field - type: text - required: true - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - label: my-toggle - type: toggle - required: false - error: null - id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - mappings: - - action_type: overwrite - source: title - target: summary - - action_type: overwrite - source: description - target: description - - action_type: overwrite - source: tags - target: labels - - action_type: append - source: comments - target: comments - owner: cases - templates: [] - updated_at: '2024-07-19T00:52:42.401Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzI2LDNd - Cases_update_case_request: - summary: 'Update the case description, tags, and connector.' - value: - cases: - - connector: - fields: - issueType: '10006' - parent: null - priority: null - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - customFields: - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: false - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My new field value - description: A case description. - id: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 - settings: - syncAlerts: true - tags: - - tag-1 - version: WzIzLDFd - Cases_update_case_response: - summary: >- - This is an example response when the case description, tags, and - connector were updated. - value: - - assignees: [] - category: null - closed_at: null - closed_by: null - comments: [] - connector: - fields: - issueType: '10006' - parent: null - priority: null - id: 131d4448-abe0-4789-939d-8ef60680b498 - name: My connector - type: .jira - created_at: '2023-10-13T09:16:17.416Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My new field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: false - description: A case description. - duration: null - external_service: - connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8 - connector_name: Jira - external_id: '10003' - external_title: IS-4 - external_url: 'https://hms.atlassian.net/browse/IS-4' - pushed_at: '2023-10-13T09:20:40.672Z' - pushed_by: - email: null - full_name: null - username: elastic - id: 66b9aa00-94fa-11ea-9f74-e7e108796192 - owner: cases - settings: - syncAlerts: true - severity: low - status: open - tags: - - tag-1 - title: Case title 1 - totalAlerts: 0 - totalComment: 0 - updated_at: '2023-10-13T09:48:33.043Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzU0OCwxXQ== - Cases_update_comment_request: - summary: Updates a comment of a case. - value: - comment: An updated comment. - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: cases - type: user - version: Wzk1LDFd - Cases_update_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. - value: - assignees: [] - category: null - closed_at: null - closed_by: null - comments: - - comment: An updated comment. - created_at: '2023-10-24T00:37:10.832Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: cases - pushed_at: null - pushed_by: null - type: user - updated_at: '2023-10-24T01:27:06.210Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzIwNjM3LDFd - connector: - fields: null - id: none - name: none - type: .none - created_at: '2023-10-24T00:37:03.906Z' - created_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - customFields: - - key: d312efda-ec2b-42ec-9e2c-84981795c581 - type: text - value: My new field value - - key: fcc6840d-eb14-42df-8aaf-232201a705ec - type: toggle - value: false - description: A case description. - duration: null - external_service: null - id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 - owner: cases - settings: - syncAlerts: false - severity: low - status: open - tags: - - tag 1 - title: Case title 1 - totalAlerts: 0 - totalComment: 1 - updated_at: '2023-10-24T01:27:06.210Z' - updated_by: - email: null - full_name: null - profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 - username: elastic - version: WzIwNjM2LDFd - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: 'emit(doc[''shape_name''].value)' - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: 'emit(doc["foo"].value)' - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: '$0,0.00' - products.base_unit_price: - id: number - params: - pattern: '$0,0.00' - products.min_price: - id: number - params: - pattern: '$0,0.00' - products.price: - id: number - params: - pattern: '$0,0.00' - products.taxful_price: - id: number - params: - pattern: '$0,0.00' - products.taxless_price: - id: number - params: - pattern: '$0,0.00' - taxful_total_price: - id: number - params: - pattern: '$0,0.[00]' - taxless_total_price: - id: number - params: - pattern: '$0,0.00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category - type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name - type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name - type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name - type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer - type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer - type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name - type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: '$0,0.00' - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: '$0,0.[00]' - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: '$0,0.[00]' - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + required: + - type + - enabled + type: array + is_managed: + type: boolean + name: + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the + agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation for more + information) + type: object + version: + type: string + - additionalProperties: false + type: object + properties: + description: + type: string + force: + type: boolean + id: + type: string + inputs: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default to + true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Input streams (see integration documentation to + know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration documentation to + know what inputs are available) + type: object + name: + type: string + namespace: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + nullable: true + type: string + policy_ids: + items: + type: string + type: array + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + required: + - name + - package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default to + true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration documentation + to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit + the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the package + policy. The override option should be used only in + unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will be + added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy will be + added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration documentation + for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see integration + documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/delete: + post: + description: Bulk delete package policies + operationId: post-fleet-package-policies-delete + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + additionalProperties: false + type: object + properties: + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + id: + type: string + name: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Use `policy_ids` instead + nullable: true + type: string + policy_ids: + items: + type: string + type: array + statusCode: + type: number + success: + type: boolean + required: + - id + - success + - policy_ids + - package + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade: + post: + description: Upgrade package policy to a newer package version + operationId: post-fleet-package-policies-upgrade + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + additionalProperties: false + type: object + properties: + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + id: + type: string + name: + type: string + statusCode: + type: number + success: + type: boolean + required: + - id + - success + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + description: Dry run package policy upgrade + operationId: post-fleet-package-policies-upgrade-dryrun + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + additionalProperties: false + type: object + properties: + agent_diff: + items: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + required: + - package + name: + type: string + package_policy_id: + type: string + processors: + items: + additionalProperties: true + type: object + properties: + add_fields: + additionalProperties: true + type: object + properties: + fields: + additionalProperties: + anyOf: + - type: string + - type: number + type: object + target: + type: string + required: + - target + - fields + required: + - add_fields + type: array + revision: + type: number + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + type: array + type: array + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + diff: + items: + anyOf: + - additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that input, (default + to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: >- + enable or disable that stream, (default + to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Input streams (see integration + documentation to know what streams are + available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration + documentation to know what inputs are + available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should be + used only in unusual circumstances and not as + a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will + be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: >- + Input/stream level variable (see + integration documentation for more + information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - revision + - updated_at + - updated_by + - created_at + - created_by + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + errors: + items: + additionalProperties: false + type: object + properties: + key: + type: string + message: + type: string + required: + - message + type: array + force: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - type + - enabled + - streams + type: array + is_managed: + type: boolean + missingVars: + items: + type: string + type: array + name: + description: Package policy name (should be unique) + type: string + namespace: + description: >- + The package policy namespace. Leave blank to + inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: >- + Override settings that are defined in the + package policy. The override option should be + used only in unusual circumstances and not as + a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: >- + Agent policy ID where that package policy will + be added + nullable: true + type: string + policy_ids: + items: + description: >- + Agent policy IDs where that package policy + will be added + type: string + type: array + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: >- + Package variable (see integration + documentation for more information) + type: object + required: + - name + - enabled + - inputs + type: array + hasErrors: + type: boolean + name: + type: string + statusCode: + type: number + required: + - hasErrors + type: array + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet package policies + /api/fleet/proxies: + get: + description: List proxies + operationId: get-fleet-proxies + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + post: + description: Create proxy + operationId: post-fleet-proxies + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - url + - name + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + /api/fleet/proxies/{itemId}: + delete: + description: Delete proxy by ID + operationId: delete-fleet-proxies-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + get: + description: Get proxy by ID + operationId: get-fleet-proxies-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + put: + description: Update proxy by ID + operationId: put-fleet-proxies-itemid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - proxy_headers + - certificate_authorities + - certificate + - certificate_key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + description: Create a service token + operationId: post-fleet-service-tokens + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + nullable: true + type: object + properties: + remote: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + name: + type: string + value: + type: string + required: + - name + - value + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet service tokens + /api/fleet/service-tokens: + post: + description: Create a service token + operationId: post-fleet-service-tokens-2 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: {} + summary: '' + tags: [] + /api/fleet/settings: + get: + description: Get settings + operationId: get-fleet-settings + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + fleet_server_hosts: + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + required: + - id + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet internals + put: + description: Update settings + operationId: put-fleet-settings + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + additional_yaml_config: + type: string + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + fleet_server_hosts: + items: + format: uri + type: string + type: array + has_seen_add_data_notice: + type: boolean + kibana_ca_sha256: + type: string + kibana_urls: + items: + format: uri + type: string + type: array + prerelease_integrations_enabled: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + fleet_server_hosts: + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + required: + - id + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/setup: + post: + description: Initiate Fleet setup + operationId: post-fleet-setup + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: >- + A summary of the result of Fleet's `setup` lifecycle. If + `isInitialized` is true, Fleet is ready to accept agent + enrollment. `nonFatalErrors` may include useful insight into + non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Internal Server Error + type: object + properties: + message: + type: string + required: + - message + summary: '' + tags: + - Fleet internals + /api/fleet/uninstall_tokens: + get: + description: List metadata for latest uninstall tokens per agent policy + operationId: get-fleet-uninstall-tokens + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + maxLength: 50 + type: string + - in: query + name: search + required: false + schema: + maxLength: 50 + type: string + - description: The number of items to return + in: query + name: perPage + required: false + schema: + minimum: 5 + type: number + - in: query + name: page + required: false + schema: + minimum: 1 + type: number + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet uninstall tokens + /api/fleet/uninstall_tokens/{uninstallTokenId}: + get: + description: Get one decrypted uninstall token by its ID + operationId: get-fleet-uninstall-tokens-uninstalltokenid + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + token: + type: string + required: + - id + - policy_id + - created_at + - token + required: + - item + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: '' + tags: + - Fleet uninstall tokens + /api/lists: + delete: + description: | + Delete a list using the list ID. + > info + > When you delete a list, all of its list items are also deleted. + operationId: DeleteList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - in: query + name: deleteReferences + required: false + schema: + default: false + type: boolean + - in: query + name: ignoreReferences + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list + tags: + - Security Lists API + get: + description: Get the details of a list using the list ID. + operationId: ReadList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list details + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list using the list ID. + operationId: PatchList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list + tags: + - Security Lists API + post: + description: Create a new list. + operationId: CreateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer + required: + - name + - description + - type + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list + tags: + - Security Lists API + put: + description: > + Update a list using the list ID. The original list is replaced, and all + unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + - name + - description + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list + tags: + - Security Lists API + /api/lists/_find: + get: + description: >- + Get a paginated subset of lists. By default, the first page is returned, + with 20 results per page. + operationId: FindLists + parameters: + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of lists to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_List' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get lists + tags: + - Security Lists API + /api/lists/index: + delete: + description: Delete the `.lists` and `.items` data streams. + operationId: DeleteListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete list data streams + tags: + - Security Lists API + get: + description: Verify that `.lists` and `.items` data streams exist. + operationId: ReadListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + list_index: + type: boolean + list_item_index: + type: boolean + required: + - list_index + - list_item_index + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream(s) not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get status of list data streams + tags: + - Security Lists API + post: + description: Create `.lists` and `.items` data streams in the relevant space. + operationId: CreateListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create list data streams + tags: + - Security Lists API + /api/lists/items: + delete: + description: Delete a list item using its `id`, or its `list_id` and `value` fields. + operationId: DeleteListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + default: 'false' + enum: + - 'true' + - 'false' + - wait_for + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list item + tags: + - Security Lists API + get: + description: Get the details of a list item. + operationId: ReadListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get a list item + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list item using the list item ID. + operationId: PatchListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list item + tags: + - Security Lists API + post: + description: > + Create a list item and associate it with the specified list. + + + All list items in the same list must be the same type. For example, each + list item in an `ip` list must define a specific IP address. + + > info + + > Before creating a list item, you must create a list. + operationId: CreateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - list_id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list item + tags: + - Security Lists API + put: + description: > + Update a list item using the list item ID. The original list item is + replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list item + tags: + - Security Lists API + /api/lists/items/_export: + post: + description: Export list item values from the specified list. + operationId: ExportListItems + parameters: + - description: List's id to export + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: A `.txt` file containing list items from the specified list + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Export list items + tags: + - Security Lists API + /api/lists/items/_find: + get: + description: Get all list items in the specified list. + operationId: FindListItems + parameters: + - description: List's id + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of list items to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: >- + #/components/schemas/Security_Lists_API_FindListItemsCursor + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list items + tags: + - Security Lists API + /api/lists/items/_import: + post: + description: > + Import list items from a TXT or CSV file. The maximum file size is 9 + million bytes. + + + You can import items to a new or existing list. + operationId: ImportListItems + parameters: + - description: | + List's id. + + Required when importing to an existing list. + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: > + Type of the importing list. + + + Required when importing a new list that is `list_id` is not + specified. + in: query + name: type + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListType' + - in: query + name: serializer + required: false + schema: + type: string + - in: query + name: deserializer + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + enum: + - 'true' + - 'false' + - wait_for + type: string + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: >- + A `.txt` or `.csv` file containing newline separated list + items + format: binary + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List with specified list_id does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Import list items + tags: + - Security Lists API + /api/lists/privileges: + get: + operationId: ReadListPrivileges + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + required: + - lists + - listItems + - is_authenticated + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list privileges + tags: + - Security Lists API + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync saved objects in the default space + tags: + - ml + /api/note: + delete: + description: Delete a note from a Timeline using the note ID. + operationId: DeleteNote + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + - nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + description: The ID of the note to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + description: Indicates the note was successfully deleted. + summary: Delete a note + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get all notes for a given document. + operationId: GetNotes + parameters: + - in: query + name: documentIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' + - in: query + name: savedObjectIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + - in: query + name: page + schema: + nullable: true + type: string + - in: query + name: perPage + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: sortField + schema: + nullable: true + type: string + - in: query + name: sortOrder + schema: + nullable: true + type: string + - in: query + name: filter + schema: + nullable: true + type: string + - in: query + name: createdByFilter + schema: + nullable: true + type: string + - in: query + name: associatedFilter + schema: + $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object + description: Indicates the requested notes were returned. + summary: Get notes + tags: + - Security Timeline API + - access:securitySolution + patch: + description: Add a note to a Timeline or update an existing note. + operationId: PersistNoteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventDataView: + nullable: true + type: string + eventIngested: + nullable: true + type: string + eventTimestamp: + nullable: true + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + noteId: + nullable: true + type: string + overrideOwner: + nullable: true + type: boolean + version: + nullable: true + type: string + required: + - note + description: The note to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistNote: + $ref: >- + #/components/schemas/Security_Timeline_API_ResponseNote + required: + - persistNote + required: + - data + description: Indicates the note was successfully created. + summary: Add or update a note + tags: + - Security Timeline API + - access:securitySolution + /api/osquery/live_queries: + get: + description: Get a list of all live queries. + operationId: OsqueryFindLiveQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live queries + tags: + - Security Osquery API + post: + description: Create and run a live query. + operationId: OsqueryCreateLiveQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a live query + tags: + - Security Osquery API + /api/osquery/live_queries/{id}: + get: + description: Get the details of a live query using the query ID. + operationId: OsqueryGetLiveQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + schema: + additionalProperties: true + type: object + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query details + tags: + - Security Osquery API + /api/osquery/live_queries/{id}/results/{actionId}: + get: + description: Get the results of a live query using the query action ID. + operationId: OsqueryGetLiveQueryResults + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: path + name: actionId + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query results + tags: + - Security Osquery API + /api/osquery/packs: + get: + description: Get a list of all query packs. + operationId: OsqueryFindPacks + parameters: + - in: query + name: query + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get packs + tags: + - Security Osquery API + post: + description: Create a query pack. + operationId: OsqueryCreatePacks + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a pack + tags: + - Security Osquery API + /api/osquery/packs/{id}: + delete: + description: Delete a query pack using the pack ID. + operationId: OsqueryDeletePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a pack + tags: + - Security Osquery API + get: + description: Get the details of a query pack using the pack ID. + operationId: OsqueryGetPacksDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get pack details + tags: + - Security Osquery API + put: + description: | + Update a query pack using the pack ID. + > info + > You cannot update a prebuilt pack. + operationId: OsqueryUpdatePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a pack + tags: + - Security Osquery API + /api/osquery/saved_queries: + get: + description: Get a list of all saved queries. + operationId: OsqueryFindSavedQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved queries + tags: + - Security Osquery API + post: + description: Create and run a saved query. + operationId: OsqueryCreateSavedQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a saved query + tags: + - Security Osquery API + /api/osquery/saved_queries/{id}: + delete: + description: Delete a saved query using the query ID. + operationId: OsqueryDeleteSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a saved query + tags: + - Security Osquery API + get: + description: Get the details of a saved query using the query ID. + operationId: OsqueryGetSavedQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved query details + tags: + - Security Osquery API + put: + description: | + Update a saved query using the query ID. + > info + > You cannot update a prebuilt saved query. + operationId: OsqueryUpdateSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a saved query + tags: + - Security Osquery API + /api/pinned_event: + patch: + description: Pin an event to an existing Timeline. + operationId: PersistPinnedEventRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventId: + type: string + pinnedEventId: + nullable: true + type: string + timelineId: + type: string + required: + - eventId + - timelineId + description: The pinned event to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistPinnedEventOnTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + required: + - persistPinnedEventOnTimeline + required: + - data + description: Indicates the event was successfully pinned to the Timeline. + summary: Pin an event + tags: + - Security Timeline API + - access:securitySolution + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cleanup_successful: + type: boolean + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + description: Unexpected error + summary: Cleanup the Risk Engine + tags: + - Security Entity Analytics API + /api/risk_score/engine/schedule_now: + post: + description: >- + Schedule the risk scoring engine to run as soon as possible. You can use + this to recalculate entity risk scores after updating their asset + criticality. + operationId: ScheduleRiskEngineNow + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: {} + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + description: Unexpected error + summary: Run the risk scoring engine + tags: + - Security Entity Analytics API + /api/saved_objects/_bulk_create: + post: + deprecated: true + operationId: bulkCreateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: When true, overwrites the document with the same identifier. + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Create saved objects + tags: + - saved objects + /api/saved_objects/_bulk_delete: + post: + deprecated: true + description: | + WARNING: When you delete a saved object, it cannot be recovered. + operationId: bulkDeleteSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". + WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Delete saved objects + tags: + - saved objects + /api/saved_objects/_bulk_get: + post: + deprecated: true + operationId: bulkGetSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Get saved objects + tags: + - saved objects + /api/saved_objects/_bulk_resolve: + post: + deprecated: true + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + operationId: bulkResolveSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Resolve saved objects + tags: + - saved objects + /api/saved_objects/_bulk_update: + post: + deprecated: true + description: Update the attributes for multiple Kibana saved objects. + operationId: bulkUpdateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Update saved objects + tags: + - saved objects + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_find: + get: + deprecated: true + description: Retrieve a paginated set of Kibana saved objects. + operationId: findSavedObjects + parameters: + - description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + in: query + name: aggs + schema: + type: string + - description: The default operator to use for the `simple_query_string`. + in: query + name: default_search_operator + schema: + type: string + - description: The fields to return in the attributes key of the response. + in: query + name: fields + schema: + oneOf: + - type: string + - type: array + - description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. + in: query + name: filter + schema: + type: string + - description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. + in: query + name: has_no_reference + schema: + type: object + - description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + in: query + name: has_no_reference_operator + schema: + type: string + - description: >- + Filters to objects that have a relationship with the type and ID + combination. + in: query + name: has_reference + schema: + type: object + - description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. + in: query + name: has_reference_operator + schema: + type: string + - description: The page of objects to return. + in: query + name: page + schema: + type: integer + - description: The number of objects to return per page. + in: query + name: per_page + schema: + type: integer + - description: >- + An Elasticsearch `simple_query_string` query that filters the + objects in the response. + in: query + name: search + schema: + type: string + - description: >- + The fields to perform the `simple_query_string` parsed query + against. + in: query + name: search_fields + schema: + oneOf: + - type: string + - type: array + - description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + in: query + name: sort_field + schema: + type: string + - description: The saved object types to include. + in: query + name: type + required: true + schema: + oneOf: + - type: string + - type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Search for saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/saved_objects/_resolve_import_errors: + post: + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: resolveImportErrors + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + - description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. + in: query + name: createNewCopies + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request + schema: + type: object + properties: + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. + items: + type: object + properties: + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + items: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + type: array + type: + description: The saved object type. + type: string + required: + - type + - id + type: array + required: + - retries + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsResponse: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_response + schema: + type: object + properties: + errors: + description: > + Specifies the objects that failed to resolve. + + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. + items: + type: object + type: array + success: + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve import errors + tags: + - saved objects + /api/saved_objects/{type}: + post: + deprecated: true + description: Create a Kibana saved object with a randomly generated identifier. + operationId: createSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: If true, overwrites the document with the same identifier. + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + /api/saved_objects/{type}/{id}: + get: + deprecated: true + description: Retrieve a single Kibana saved object by identifier. + operationId: getSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Get a saved object + tags: + - saved objects + post: + deprecated: true + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + operationId: createSavedObjectId + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: If true, overwrites the document with the same identifier. + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + put: + deprecated: true + description: Update the attributes for Kibana saved objects. + operationId: updateSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates the object was not found. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Update a saved object + tags: + - saved objects + /api/saved_objects/resolve/{type}/{id}: + get: + deprecated: true + description: > + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + operationId: resolveSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve a saved object + tags: + - saved objects + /api/security_ai_assistant/anonymization_fields/_bulk_action: + post: + description: >- + Apply a bulk action to multiple anonymization fields. The bulk action is + applied to all anonymization fields that match the filter or to the list + of anonymization fields by their IDs. + operationId: PerformAnonymizationFieldsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of anonymization fields IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter anonymization fields + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to anonymization fields + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/anonymization_fields/_find: + get: + description: Get a list of all anonymization fields. + operationId: FindAnonymizationFields + parameters: + - in: query + name: fields + required: false + schema: + items: type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: AnonymizationFields per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get anonymization fields + tags: + - Security AI Assistant API + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: + post: + description: Create a model response for the given chat conversation. + operationId: ChatComplete + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' + required: true + responses: + '200': + content: + application/octet-stream; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a model response + tags: + - Security AI Assistant API + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: + post: + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: + get: + description: Get a list of all conversations for the current user. + operationId: FindConversations + parameters: + - in: query + name: fields + required: false + schema: + items: type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Conversations per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get conversations + tags: + - Security AI Assistant API + - Conversations API + /api/security_ai_assistant/current_user/conversations/{id}: + delete: + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Delete a conversation + tags: + - Security AI Assistant API + - Conversation API + get: + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation + tags: + - Security AI Assistant API + - Conversations API + put: + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: + get: + description: Get a list of all prompts. + operationId: FindPrompts + parameters: + - in: query + name: fields + required: false + schema: + items: type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts + tags: + - Security AI Assistant API + - Prompts API + /api/security/role: + get: + operationId: get-security-role + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query + name: replaceDeprecatedPrivileges + required: false + schema: + type: boolean + responses: + '200': + description: Indicates a successful call. + summary: Get all roles + tags: + - roles + /api/security/role/{name}: + delete: + operationId: delete-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: name + required: true + schema: + minLength: 1 + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a role + tags: + - roles + get: + operationId: get-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The role name. + in: path + name: name + required: true + schema: + minLength: 1 + type: string + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query + name: replaceDeprecatedPrivileges + required: false + schema: + type: boolean + responses: + '200': + description: Indicates a successful call. + summary: Get a role + tags: + - roles + put: + description: >- + Create a new Kibana role or update the attributes of an existing role. + Kibana roles are stored in the Elasticsearch native realm. + operationId: put-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The role name. + in: path + name: name + required: true + schema: + maxLength: 1024 + minLength: 1 + type: string + - description: When true, a role is not overwritten if it already exists. + in: query + name: createOnly + required: false + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. + type: string + type: array + indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + covers the restricted indices too. + type: boolean + field_security: + additionalProperties: + items: + description: >- + The document fields that the role members have + read access to. + type: string + type: array + type: object + names: + items: + description: >- + The data streams, indices, and aliases to which + the permissions in this entry apply. It supports + wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that the role members + have for the data streams and indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The cluster level privileges for the remote + cluster. The allowed values are a subset of the + cluster privileges. + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + will cover the restricted indices too. + type: boolean + clusters: + items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + description: >- + The document fields that the role members have + read access to. + type: string + type: array + type: object + names: + items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that role members + have for the specified indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + description: >- + A base privilege that grants applies to all + spaces. + type: string + type: array + - items: + description: >- + A base privilege that applies to specific + spaces. + type: string + type: array + feature: + additionalProperties: + items: + description: >- + The privileges that the role member has for the + feature. + type: string + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + description: A space that the privilege applies to. + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + responses: + '204': + description: Indicates a successful call. + summary: Create or update a role + tags: + - roles + /api/security/roles: + post: + operationId: post-security-roles + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + roles: + additionalProperties: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. + type: string + type: array + indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field covers the restricted + indices too. + type: boolean + field_security: + additionalProperties: + items: + description: >- + The document fields that the role + members have read access to. + type: string + type: array + type: object + names: + items: + description: >- + The data streams, indices, and aliases to + which the permissions in this entry apply. + It supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that the role + members have for the data streams and + indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role members. + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The cluster level privileges for the + remote cluster. The allowed values are a + subset of the cluster privileges. + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field will cover the restricted + indices too. + type: boolean + clusters: + items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + description: >- + The document fields that the role + members have read access to. + type: string + type: array + type: object + names: + items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that role + members have for the specified indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role + members. + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: + description: >- + A user name that the role member can + impersonate. + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + description: >- + A base privilege that grants applies to + all spaces. + type: string + type: array + - items: + description: >- + A base privilege that applies to specific + spaces. + type: string + type: array + feature: + additionalProperties: + items: + description: >- + The privileges that the role member has for + the feature. + type: string + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + description: A space that the privilege applies to. + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + type: object + required: + - roles + responses: + '200': + description: Indicates a successful call. + summary: Create or update roles + tags: + - roles + /api/spaces/_copy_saved_objects: + post: + description: >- + It also allows you to automatically copy related objects, so when you + copy a dashboard, this can automatically copy over the associated + visualizations, data views, and saved searches, as required. You can + request to overwrite any objects that already exist in the target space + if they share an identifier or you can use the resolve copy saved + objects conflicts API to do this on a per-object basis. + operationId: post-spaces-copy-saved-objects + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + description: >- + Apply various adjustments to the saved objects that are + being copied to maintain compatibility between different + Kibana versions. Use this option only if you encounter + issues with copied saved objects. This option cannot be used + with the `createNewCopies` option. + type: boolean + createNewCopies: + default: true + description: >- + Create new copies of saved objects, regenerate each object + identifier, and reset the origin. When used, potential + conflict errors are avoided. This option cannot be used + with the `overwrite` and `compatibilityMode` options. + type: boolean + includeReferences: + default: false + description: >- + When set to true, all saved objects related to the specified + saved objects will also be copied into the target spaces. + type: boolean + objects: + items: + additionalProperties: false + type: object + properties: + id: + description: The identifier of the saved object to copy. + type: string + type: + description: The type of the saved object to copy. + type: string + required: + - type + - id + type: array + overwrite: + default: false + description: >- + When set to true, all conflicts are automatically + overridden. When a saved object with a matching type and + identifier exists in the target space, that version is + replaced with the version from the source space. This option + cannot be used with the `createNewCopies` option. + type: boolean + spaces: + items: + description: >- + The identifiers of the spaces where you want to copy the + specified objects. + type: string + type: array + required: + - spaces + - objects + responses: {} + summary: Copy saved objects between spaces + tags: + - spaces + /api/spaces/_disable_legacy_url_aliases: + post: + operationId: post-spaces-disable-legacy-url-aliases + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + aliases: + items: + additionalProperties: false + type: object + properties: + sourceId: + description: >- + The alias source object identifier. This is the legacy + object identifier. + type: string + targetSpace: + description: The space where the alias target object exists. + type: string + targetType: + description: 'The type of alias target object. ' + type: string + required: + - targetSpace + - targetType + - sourceId + type: array + required: + - aliases + responses: {} + summary: Disable legacy URL aliases + tags: + - spaces + /api/spaces/_get_shareable_references: + post: + description: Collect references and space contexts for saved objects. + operationId: post-spaces-get-shareable-references + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + objects: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + required: + - objects + responses: {} + summary: Get shareable references + tags: + - spaces + /api/spaces/_resolve_copy_saved_objects_errors: + post: + description: >- + Overwrite saved objects that are returned as errors from the copy saved + objects to space API. + operationId: post-spaces-resolve-copy-saved-objects-errors + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + type: boolean + createNewCopies: + default: true + type: boolean + includeReferences: + default: false + type: boolean + objects: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + retries: + additionalProperties: + items: + additionalProperties: false + type: object + properties: + createNewCopy: + description: >- + Creates new copies of the saved objects, regenerates + each object ID, and resets the origin. + type: boolean + destinationId: + description: >- + Specifies the destination identifier that the copied + object should have, if different from the current + identifier. + type: string + id: + description: The saved object identifier. + type: string + ignoreMissingReferences: + description: >- + When set to true, any missing references errors are + ignored. + type: boolean + overwrite: + default: false + description: >- + When set to true, the saved object from the source + space overwrites the conflicting object in the + destination space. + type: boolean + type: + description: The saved object type. + type: string + required: + - type + - id + type: array + type: object + required: + - retries + - objects + responses: {} + summary: Resolve conflicts copying saved objects + tags: [] + /api/spaces/_update_objects_spaces: + post: + description: Update one or more saved objects to add or remove them from some spaces. + operationId: post-spaces-update-objects-spaces + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + objects: + items: + additionalProperties: false + type: object + properties: + id: + description: The identifier of the saved object to update. + type: string + type: + description: The type of the saved object to update. + type: string + required: + - type + - id + type: array + spacesToAdd: + items: + description: >- + The identifiers of the spaces the saved objects should be + added to or removed from. + type: string + type: array + spacesToRemove: + items: + description: >- + The identifiers of the spaces the saved objects should be + added to or removed from. + type: string + type: array + required: + - objects + - spacesToAdd + - spacesToRemove + responses: {} + summary: Update saved objects in spaces + tags: + - spaces + /api/spaces/space: + get: + operationId: get-spaces-space + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: >- + Specifies which authorization checks are applied to the API call. + The default value is `any`. + in: query + name: purpose + required: false + schema: + enum: + - any + - copySavedObjectsIntoSpace + - shareSavedObjectsIntoSpace + type: string + - description: >- + When enabled, the API returns any spaces that the user is authorized + to access in any capacity and each space will contain the purposes + for which the user is authorized. This can be useful to determine + which spaces a user can read but not take a specific action in. If + the security plugin is not enabled, this parameter has no effect, + since no authorization checks take place. This parameter cannot be + used in with the `purpose` parameter. + in: query + name: include_authorized_purposes + required: true + schema: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - false + type: boolean + x-oas-optional: true + - type: boolean + x-oas-optional: true + responses: + '200': + description: Indicates a successful call. + summary: Get all spaces + tags: + - spaces + post: + operationId: post-spaces-space + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: >- + The hexadecimal color code used in the space avatar. By + default, the color is automatically generated from the space + name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + type: array + id: + description: >- + The space ID that is part of the Kibana URL when inside the + space. Space IDs are limited to lowercase alphanumeric, + underscore, and hyphen characters (a-z, 0-9, _, and -). You + are cannot change the ID with the update operation. + type: string + imageUrl: + description: >- + The data-URL encoded image to display in the space avatar. + If specified, initials will not be displayed and the color + will be visible as the background color for transparent + images. For best results, your image should be 64x64. Images + will not be optimized by this API call, so care should be + taken when using custom images. + type: string + initials: + description: >- + One or two characters that are shown in the space avatar. By + default, the initials are automatically generated from the + space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + responses: + '200': + description: Indicates a successful call. + summary: Create a space + tags: + - spaces + /api/spaces/space/{id}: + delete: + description: >- + When you delete a space, all saved objects that belong to the space are + automatically deleted, which is permanent and cannot be undone. + operationId: delete-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The space identifier. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + '404': + description: Indicates that the request failed. + summary: Delete a space + tags: + - spaces + get: + operationId: get-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The space identifier. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + description: Indicates a successful call. + summary: Get a space + tags: + - spaces + put: + operationId: put-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: >- + The space identifier. You are unable to change the ID with the + update operation. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + description: >- + The hexadecimal color code used in the space avatar. By + default, the color is automatically generated from the space + name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] + items: + description: The list of features that are turned off in the space. + type: string + type: array + id: + description: >- + The space ID that is part of the Kibana URL when inside the + space. Space IDs are limited to lowercase alphanumeric, + underscore, and hyphen characters (a-z, 0-9, _, and -). You + are cannot change the ID with the update operation. + type: string + imageUrl: + description: >- + The data-URL encoded image to display in the space avatar. + If specified, initials will not be displayed and the color + will be visible as the background color for transparent + images. For best results, your image should be 64x64. Images + will not be optimized by this API call, so care should be + taken when using custom images. + type: string + initials: + description: >- + One or two characters that are shown in the space avatar. By + default, the initials are automatically generated from the + space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + responses: + '200': + description: Indicates a successful call. + summary: Update a space + tags: + - spaces + /api/status: + get: + operationId: get-status + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /api/timeline: + delete: + description: Delete one or more Timelines or Timeline templates. + operationId: DeleteTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + savedObjectIds: + items: + type: string + type: array + searchIds: + description: >- + Saved search ids that should be deleted alongside the + timelines + items: + type: string + type: array + required: + - savedObjectIds + description: The IDs of the Timelines or Timeline templates to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + deleteTimeline: + type: boolean + required: + - deleteTimeline + required: + - data + description: Indicates the Timeline was successfully deleted. + summary: Delete Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get the details of an existing saved Timeline or Timeline template. + operationId: GetTimeline + parameters: + - description: The ID of the template timeline to retrieve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the Timeline to retrieve. + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + type: object + properties: + getOneTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + required: + - getOneTimeline + required: + - data + - additionalProperties: false + type: object + description: Indicates that the (template) Timeline was found and returned. + summary: Get Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + patch: + description: >- + Update an existing Timeline. You can update the title, description, date + range, pinned events, pinned queries, and/or pinned saved queries of an + existing Timeline. + operationId: PatchTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - timelineId + - version + - timeline + description: The Timeline updates, along with the Timeline ID and version. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates that the user does not have the required access to create + a draft Timeline. + summary: Update a Timeline + tags: + - Security Timeline API + - access:securitySolution + post: + description: Create a new Timeline or Timeline template. + operationId: CreateTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true + type: string + required: + - timeline + description: >- + The required Timeline fields used to create a new Timeline, along with + optional fields that will be created if not provided. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates the Timeline was successfully created. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that there was an error in the Timeline creation. + summary: Create a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_copy: + get: + description: | + Copies and returns a timeline or timeline template. + operationId: CopyTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the timeline has been successfully copied. + summary: Copies timeline or timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_draft: + get: + description: >- + Get the details of the draft Timeline or Timeline template for the + current user. If the user doesn't have a draft Timeline, an empty + Timeline is returned. + operationId: GetDraftTimelines + parameters: + - in: query + name: timelineType + required: true + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the draft Timeline was successfully retrieved. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + If a draft Timeline was not found and we attempted to create one, it + indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + This should never happen, but if a draft Timeline was not found and + we attempted to create one, it indicates that there is already a + draft Timeline with the given `timelineId`. + summary: Get draft Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + post: + description: > + Create a clean draft Timeline or Timeline template for the current user. + + > info + + > If the user already has a draft Timeline, the existing draft Timeline + is cleared and returned. + operationId: CleanDraftTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + required: + - timelineType + description: >- + The type of Timeline to create. Valid values are `default` and + `template`. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that there is already a draft Timeline with the given + `timelineId`. + summary: Create a clean draft Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_export: + post: + description: Export Timelines as an NDJSON file. + operationId: ExportTimelines + parameters: + - description: The name of the file to export + in: query + name: file_name + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + description: The IDs of the Timelines to export. + required: true + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: NDJSON of the exported Timelines + type: string + description: Indicates the Timelines were successfully exported. + '400': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that the export size limit was exceeded. + summary: Export Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_favorite: + patch: + description: Favorite a Timeline or Timeline template for the current user. + operationId: PersistFavoriteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + description: The required fields used to favorite a (template) Timeline. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistFavorite: + $ref: >- + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + required: + - persistFavorite + required: + - data + description: Indicates the favorite status was successfully updated. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the user does not have the required permissions to persist + the favorite status. + summary: Favorite a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_import: + post: + description: Import Timelines. + operationId: ImportTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: {} + isImmutable: + enum: + - 'true' + - 'false' + type: string + required: + - file + description: The Timelines to import as a readable stream. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the import of Timelines was successful. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: >- + Indicates the import of Timelines was unsuccessful because of an + invalid file extension. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + statusCode: + type: number + description: >- + Indicates that we were unable to locate the saved object client + necessary to handle the import. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: Indicates the import of Timelines was unsuccessful. + summary: Import Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_prepackaged: + post: + description: Install or update prepackaged Timelines. + operationId: InstallPrepackedTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + prepackagedTimelines: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + description: The Timelines to install or update. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the installation of prepackaged Timelines was successful. + '500': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the installation of prepackaged Timelines was + unsuccessful. + summary: Install prepackaged Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/resolve: + get: + operationId: ResolveTimeline + parameters: + - description: The ID of the template timeline to resolve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the timeline to resolve + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + $ref: >- + #/components/schemas/Security_Timeline_API_ResolvedTimeline + required: + - data + - additionalProperties: false + type: object + description: The (template) Timeline has been found + '400': + description: The request is missing parameters + '404': + description: The (template) Timeline was not found + summary: Get an existing saved Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timelines: + get: + description: Get a list of all saved Timelines or Timeline templates. + operationId: GetTimelines + parameters: + - description: >- + If true, only timelines that are marked as favorites by the user are + returned. + in: query + name: only_user_favorite + schema: + enum: + - 'true' + - 'false' + nullable: true + type: string + - in: query + name: timeline_type + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + - in: query + name: sort_field + schema: + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' + - in: query + name: sort_order + schema: + enum: + - asc + - desc + type: string + - in: query + name: page_size + schema: + nullable: true + type: string + - in: query + name: page_index + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: status + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + customTemplateTimelineCount: + type: number + defaultTimelineCount: + type: number + elasticTemplateTimelineCount: + type: number + favoriteCount: + type: number + templateTimelineCount: + type: number + timeline: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + type: array + totalCount: + type: number + required: + - timeline + - totalCount + description: Indicates that the (template) Timelines were found and returned. + '400': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Bad request. The user supplied invalid data. + summary: Get Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + /s/{spaceId}/api/observability/slos: + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: The page to use for pagination, must be greater or equal than 1 + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + summary: Create an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/_delete_instances: + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + summary: Batch delete rollup and summary data + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}: + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/_reset: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/disable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/enable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO + tags: + - slo +components: + examples: + Alerting_get_health_response: + summary: Retrieve information about the health of the alerting framework. value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. + alerting_framework_health: + decryption_health: + status: ok + timestamp: '2023-01-13T01:28:00.280Z' + execution_health: + status: ok + timestamp: '2023-01-13T01:28:00.280Z' + read_health: + status: ok + timestamp: '2023-01-13T01:28:00.280Z' + has_permanent_encryption_key: true + is_sufficiently_secure: true + Alerting_get_rule_types_response: + summary: Retrieve rule types associated with Kibana machine learning features + value: + - action_groups: + - id: anomaly_score_match + name: Anomaly score matched the condition + - id: recovered + name: Recovered + action_variables: + context: + - description: The bucket timestamp of the anomaly + name: timestamp + - description: The bucket time of the anomaly in ISO8601 format + name: timestampIso8601 + - description: List of job IDs that triggered the alert + name: jobIds + - description: Alert info message + name: message + - description: Indicate if top hits contain interim results + name: isInterim + - description: Anomaly score at the time of the notification action + name: score + - description: Top records + name: topRecords + - description: Top influencers + name: topInfluencers + - description: URL to open in the Anomaly Explorer + name: anomalyExplorerUrl + useWithTripleBracesInTemplates: true + params: [] + state: [] + alerts: + context: ml.anomaly-detection + mappings: + fieldMap: + kibana.alert.anomaly_score: + array: false + type: double + required: false + kibana.alert.anomaly_timestamp: + array: false + type: date + required: false + kibana.alert.is_interim: + array: false + type: boolean + required: false + kibana.alert.job_id: + array: false + type: keyword + required: true + kibana.alert.top_influencers: + array: true + dynamic: false + type: object + properties: + influencer_field_name: + type: keyword + influencer_field_value: + type: keyword + influencer_score: + type: double + initial_influencer_score: + type: double + is_interim: + type: boolean + job_id: + type: keyword + timestamp: + type: date + required: false + kibana.alert.top_records: + array: true + dynamic: false + type: object + properties: + actual: + type: double + by_field_name: + type: keyword + by_field_value: + type: keyword + detector_index: + type: integer + field_name: + type: keyword + function: + type: keyword + initial_record_score: + type: double + is_interim: + type: boolean + job_id: + type: keyword + over_field_name: + type: keyword + over_field_value: + type: keyword + partition_field_name: + type: keyword + partition_field_value: + type: keyword + record_score: + type: double + timestamp: + type: date + typical: + type: double + required: false + shouldWrite: true + authorized_consumers: + alerts: + all: true + read: true + apm: + all: true + read: true + discover: + all: true + read: true + infrastructure: + all: true + read: true + logs: + all: true + read: true + ml: + all: true + read: true + monitoring: + all: true + read: true + siem: + all: true + read: true + slo: + all: true + read: true + stackAlerts: + all: true + read: true + uptime: + all: true + read: true + category: management + default_action_group_id: anomaly_score_match + does_set_recovery_context: true + enabled_in_license: true + has_alerts_mappings: true + has_fields_for_a_a_d: false + id: xpack.ml.anomaly_detection_alert + is_exportable: true + minimum_license_required: platinum + name: Anomaly detection alert + producer: ml + recovery_action_group: + id: recovered + name: Recovered + rule_task_timeout: 5m + - action_groups: + - id: anomaly_detection_realtime_issue + name: Issue detected + - id: recovered + name: Recovered + action_variables: + context: + - description: Results of the rule execution + name: results + - description: Alert info message + name: message + params: [] + state: [] + authorized_consumers: + alerts: + all: true + read: true + apm: + all: true + read: true + discover: + all: true + read: true + infrastructure: + all: true + read: true + logs: + all: true + read: true + ml: + all: true + read: true + monitoring: + all: true + read: true + siem: + all: true + read: true + slo: + all: true + read: true + stackAlerts: + all: true + read: true + uptime: + all: true + read: true + category: management + default_action_group_id: anomaly_detection_realtime_issue + does_set_recovery_context: true + enabled_in_license: true + has_alerts_mappings: false + has_fields_for_a_a_d: false + id: xpack.ml.anomaly_detection_jobs_health + is_exportable: true + minimum_license_required: platinum + name: Anomaly detection jobs health + producer: ml + recovery_action_group: + id: recovered + name: Recovered + rule_task_timeout: 5m + Cases_add_comment_request: + summary: Adds a comment to a case. value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: + comment: A new comment. + owner: cases + type: user + Cases_add_comment_response: summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: 'emit(doc["bar"].value)' - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. + The add comment to case API returns a JSON object that contains details + about the case and its comments. value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Saved_objects_export_objects_request: - summary: Export a specific saved object. + assignees: [] + category: null + closed_at: null + closed_by: null + comments: + - comment: A new comment. + created_at: '2022-10-02T00:49:47.716Z' + created_by: + email: null + full_name: null + username: elastic + id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: cases + type: user + version: WzIwNDMxLDFd + connector: + fields: null + id: none + name: none + type: .none + created_at: '2022-03-24T00:37:03.906Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: Field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: true + description: A case description. + duration: null + external_service: null + id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 + owner: cases + settings: + syncAlerts: false + severity: low + status: open + tags: + - tag 1 + title: Case title 1 + totalAlerts: 0 + totalComment: 1 + updated_at: '2022-06-03T00:49:47.716Z' + updated_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzIzMzgsMV0= + Cases_create_case_request: + summary: Create a security case that uses a Jira connector. value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Saved_objects_export_objects_response: + connector: + fields: + issueType: '10006' + parent: null + priority: High + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + description: A case description. + owner: cases + settings: + syncAlerts: true + tags: + - tag-1 + title: Case title 1 + Cases_create_case_response: summary: >- - The export objects API response contains a JSON record for each exported - object. + The create case API returns a JSON object that contains details about + the case. value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Saved_objects_import_objects_request: + assignees: [] + closed_at: null + closed_by: null + comments: [] + connector: + fields: + issueType: '10006' + parent: null + priority: High + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + created_at: '2022-10-13T15:33:50.604Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + description: A case description. + duration: null + external_service: null + id: 66b9aa00-94fa-11ea-9f74-e7e108796192 + owner: cases + settings: + syncAlerts: true + severity: low + status: open + tags: + - tag 1 + title: Case title 1 + totalAlerts: 0 + totalComment: 0 + updated_at: null + updated_by: null + version: WzUzMiwxXQ== + Cases_find_case_activity_response: + summary: Retrieves all activity for a case value: - file: file.ndjson - Saved_objects_import_objects_response: + page: 1 + perPage: 20 + total: 3 + userActions: + - action: create + comment_id: null + created_at: '2023-10-20T01:17:22.150Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: b4cd0770-07c9-11ed-a5fd-47154cb8767e + owner: cases + payload: + assignees: [] + category: null + connector: + fields: null + id: none + name: none + type: .none + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + description: A case description. + owner: cases + settings: + syncAlerts: false + severity: low + status: open + tags: + - tag 1 + title: Case title 1 + type: create_case + version: WzM1ODg4LDFd + - action: create + comment_id: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: '2023-10-14T20:12:53.354Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: 57af14a0-03b1-11ed-920c-974bfa104448 + owner: cases + payload: + comment: A new comment + owner: cases + type: user + type: comment + version: WzM1ODg4LDFa + - action: add + comment_id: null + created_at: '2023-10-20T01:10:28.238Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: 573c6980-6123-11ed-aa41-81a0a61fe447 + owner: cases + payload: + assignees: + uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + type: assignees + version: WzM1ODg4LDFb + Cases_find_case_response: summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - Saved_objects_key_rotation_response: - summary: Encryption key rotation using default parameters. + Retrieve the first five cases with the `tag-1` tag, in ascending order + by last update time. value: - failed: 0 - successful: 300 - total: 1000 - Saved_objects_resolve_missing_reference_request: + cases: + - assignees: [] + category: null + closed_at: null + closed_by: null + comments: [] + connector: + fields: null + id: none + name: none + type: .none + created_at: '2023-10-12T00:16:36.371Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + description: Case description + duration: null + external_service: null + id: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + owner: cases + settings: + syncAlerts: true + severity: low + status: open + tags: + - tag-1 + title: Case title + totalAlerts: 0 + totalComment: 1 + updated_at: '2023-10-12T00:27:58.162Z' + updated_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzExMCwxXQ== + count_closed_cases: 0 + count_in_progress_cases: 0 + count_open_cases: 1 + page: 1 + per_page: 5 + total: 1 + Cases_find_connector_response: + summary: Retrieve information about the connectors and their settings. value: - file: file.ndjson - retries: - - id: my-pattern - overwrite: true - type: index-pattern - - destinationId: another-vis - id: my-vis - overwrite: true - type: visualization - - destinationId: yet-another-canvas - id: my-canvas - overwrite: true - type: canvas - - id: my-dashboard - type: dashboard - Saved_objects_resolve_missing_reference_response: - summary: Resolve missing reference errors. + - actionTypeId: .jira + config: + apiUrl: https://elastic.atlassian.net/ + projectKey: ES + id: 61787f53-4eee-4741-8df6-8fe84fa616f7 + isDeprecated: false + isMissingSecrets: false + isPreconfigured: false + name: my-Jira + referencedByCount: 0 + Cases_get_case_alerts_response: + summary: Retrieves all alerts attached to a case value: - success: true - successCount: 3 - successResults: - - id: my-vis - meta: - icon: visualizeApp - title: Look at my visualization - type: visualization - - id: my-search - meta: - icon: searchApp - title: Look at my search - type: search - - id: my-dashboard - meta: - icon: dashboardApp - title: Look at my dashboard - type: dashboard - parameters: - Alerting_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_alert_id: - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 - type: string - Cases_assignees_filter: - description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. - in: query - name: assignees - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_case_id: - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. - in: path - name: caseId - required: true - schema: - example: 9c235210-6834-11ea-a78c-6ffb38a34414 - type: string - Cases_category: - description: Filters the returned cases by category. - in: query - name: category - schema: - oneOf: - - $ref: '#/components/schemas/Cases_case_category' - - $ref: '#/components/schemas/Cases_case_categories' - Cases_comment_id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. - in: path - name: commentId - required: true - schema: - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 - type: string - Cases_configuration_id: - description: An identifier for the configuration. - in: path - name: configurationId - required: true - schema: - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 - type: string - Cases_connector_id: - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. - in: path - name: connectorId - required: true - schema: - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - type: string - Cases_defaultSearchOperator: - description: he default operator to use for the simple_query_string. - example: OR - in: query - name: defaultSearchOperator - schema: - default: OR - type: string - Cases_from: - description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. - in: query - name: from - schema: - example: now-1d - type: string - Cases_ids: - description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - in: query - name: ids - required: true - schema: - items: - maxItems: 100 - minItems: 1 - type: string - type: array - Cases_includeComments: - deprecated: true - description: >- - Deprecated in 8.1.0. This parameter is deprecated and will be removed in - a future release. It determines whether case comments are returned. - in: query - name: includeComments - schema: - default: true - type: boolean - Cases_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_owner_filter: - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. - example: cases - in: query - name: owner - schema: - oneOf: - - $ref: '#/components/schemas/Cases_owner' - - $ref: '#/components/schemas/Cases_owners' - Cases_page_index: - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - type: integer - Cases_page_size: - description: The number of items to return. Limited to 100 items. - in: query - name: perPage - required: false - schema: - default: 20 - maximum: 100 - type: integer - Cases_reporters: - description: Filters the returned cases by the user name of the reporter. - example: elastic - in: query - name: reporters - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_search: - description: >- - An Elasticsearch simple_query_string query that filters the objects in - the response. - in: query - name: search - schema: - type: string - Cases_searchFields: - description: The fields to perform the simple_query_string parsed query against. - in: query - name: searchFields - schema: - oneOf: - - $ref: '#/components/schemas/Cases_searchFieldsType' - - $ref: '#/components/schemas/Cases_searchFieldsTypeArray' - Cases_severity: - description: The severity of the case. - in: query - name: severity - schema: - enum: - - critical - - high - - low - - medium - type: string - Cases_sort_order: - description: Determines the sort order. - in: query - name: sortOrder - required: false - schema: - default: desc - enum: - - asc - - desc - type: string - Cases_sortField: - description: Determines which field is used to sort the results. - example: updatedAt - in: query - name: sortField - schema: - default: createdAt - enum: - - createdAt - - updatedAt - - closedAt - - title - - category - - status - - severity - type: string - Cases_status: - description: Filters the returned cases by state. - example: open - in: query - name: status - schema: - enum: - - closed - - in-progress - - open - type: string - Cases_tags: - description: Filters the returned cases by tags. - example: tag-1 - in: query - name: tags - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_to: - description: > - Returns only cases that were created before a specific date. The date - must be specified as a KQL data range or date match expression. - example: now+1d - in: query - name: to - schema: - type: string - Cases_user_action_types: - description: Determines the types of user actions to return. - example: create_case - in: query - name: types - schema: - items: - enum: - - action - - alert - - assignees - - attachment - - comment - - connector - - create_case - - description - - pushed - - settings - - severity - - status - - tags - - title - - user - type: string - type: array - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Fleet_format: - description: Simplified or legacy format for package inputs - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - Fleet_kbn_xsrf: - description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. - in: header - name: kbn-xsrf - required: true - schema: - type: string - Fleet_kuery: - in: query - name: kuery - required: false - schema: - type: string - Fleet_page_index: - in: query - name: page - required: false - schema: - default: 1 - type: integer - Fleet_page_size: - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - type: integer - Fleet_show_inactive: - in: query - name: showInactive - required: false - schema: - type: boolean - Fleet_show_upgradeable: - in: query - name: showUpgradeable - required: false - schema: - type: boolean - Fleet_sort_field: - in: query - name: sortField - required: false - schema: - deprecated: true - type: string - Fleet_sort_order: - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - Fleet_with_metrics: - description: 'Return agent metrics, false by default' - in: query - name: withMetrics - required: false - schema: - type: boolean - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Saved_objects_saved_object_id: - description: An identifier for the saved object. - in: path - name: id - required: true - schema: - type: string - Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - in: path - name: type - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Fleet_error: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - schemas: - Alerting_401_response: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unsuccessful rule API response - type: object - Alerting_alert_response_properties: - title: Legacy alert response properties - type: object - properties: - actions: - items: - type: object - type: array - alertTypeId: - example: .index-threshold - type: string - apiKeyOwner: - example: elastic - nullable: true - type: string - createdAt: - description: The date and time that the alert was created. - example: '2022-12-05T23:36:58.284Z' - format: date-time - type: string - createdBy: - description: The identifier for the user that created the alert. - example: elastic - type: string - enabled: - description: Indicates whether the alert is currently enabled. - example: true - type: boolean - executionStatus: - type: object - properties: - lastExecutionDate: - example: '2022-12-06T00:13:43.890Z' - format: date-time - type: string - status: - example: ok - type: string - id: - description: The identifier for the alert. - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string - muteAll: - example: false - type: boolean - mutedInstanceIds: - items: - type: string - nullable: true - type: array - name: - description: The name of the alert. - example: my alert - type: string - notifyWhen: - example: onActionGroupChange - type: string - params: - additionalProperties: true - type: object - schedule: - type: object - properties: - interval: - type: string - scheduledTaskId: - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string + - attached_at: '2022-07-25T20:09:40.963Z' + id: f6a7d0c3-d52d-432c-b2e6-447cd7fce04d + index: .alerts-observability.logs.alerts-default + Cases_get_case_configuration_response: + summary: Get the case configuration. + value: + - closure_type: close-by-user + connector: + fields: null + id: none + name: none + type: .none + created_at: '2024-07-01T17:07:17.767Z' + created_by: + email: null + full_name: null + username: elastic + customFields: + - defaultValue: Custom text field value. + key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + type: text + required: false + error: null + id: 856ee650-6c82-11ee-a20a-6164169afa58 + mappings: [] + owner: cases + templates: + - caseFields: + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + category: Default-category + connector: + fields: null + id: none + name: none + type: .none + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: Default text field value. + description: A default description for cases. + settings: + syncAlerts: false + tags: + - Default case tag + title: Default case title + description: A description of the template. + key: 505932fe-ee3a-4960-a661-c781b5acdb05 + name: template-1 + tags: + - Template tag 1 + updated_at: null + updated_by: null + version: WzEyLDNd + Cases_get_case_observability_response: + summary: >- + Retrieves information about an Observability case including its alerts + and comments. + value: + assignees: + - uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + category: null + closed_at: null + closed_by: null + comments: + - alertId: + - a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + created_at: '2023-11-06T19:29:38.424Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: 59d438d0-79a9-4864-8d4b-e63adacebf6e + index: + - .internal.alerts-observability.logs.alerts-default-000001 + owner: observability + pushed_at: null + pushed_by: null + rule: + id: 03e4eb87-62ca-4e5d-9570-3d7625e9669d + name: Observability rule + type: alert + updated_at: null + updated_by: null + version: WzY3LDJd + - comment: The first comment. + created_at: '2023-11-06T19:29:57.812Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: d99342d3-3aa3-4b80-90ec-a702607604f5 + owner: observability + pushed_at: null + pushed_by: null + type: user + updated_at: null + updated_by: null + version: WzcyLDJd + connector: + fields: null + id: none + name: none + type: .none + created_at: '2023-11-06T19:29:04.086Z' + created_by: + email: null + full_name: null + username: elastic + customFields: [] + description: An Observability case description. + duration: null + external_service: null + id: c3ff7550-def1-4e90-b6bc-c9969a4a09b1 + owner: observability + settings: + syncAlerts: false + severity: low + status: in-progress tags: - items: - type: string - type: array - throttle: - nullable: true - type: string - updatedAt: - example: '2022-12-05T23:36:58.284Z' - type: string - updatedBy: - description: The identifier for the user that updated this alert most recently. - example: elastic - nullable: true - type: string - Alerting_fieldmap_properties: - title: Field map objects in the get rule types response - type: object - properties: - array: - description: Indicates whether the field is an array. - type: boolean - dynamic: - description: Indicates whether it is a dynamic field mapping. - type: boolean - format: - description: > - Indicates the format of the field. For example, if the `type` is - `date_range`, the `format` can be - `epoch_millis||strict_date_optional_time`. - type: string - ignore_above: - description: >- - Specifies the maximum length of a string field. Longer strings are - not indexed or stored. - type: integer - index: - description: Indicates whether field values are indexed. - type: boolean - path: - description: TBD - type: string - properties: - additionalProperties: - type: object - properties: - type: - description: The data type for each object property. - type: string - description: > - Details about the object properties. This property is applicable - when `type` is `object`. - type: object - required: - description: Indicates whether the field is required. - type: boolean - scaling_factor: - description: > - The scaling factor to use when encoding values. This property is - applicable when `type` is `scaled_float`. Values will be multiplied - by this factor at index time and rounded to the closest long value. - type: integer - type: - description: Specifies the data type for the field. - example: scaled_float - type: string - Cases_4xx_response: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful cases API response - type: object - Cases_action_types: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - delete_case - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - Cases_actions: - enum: - - add - - create - - delete - - push_to_service - - update - example: create - type: string - Cases_add_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. - type: object - properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. - enum: - - alert - example: alert - type: string - required: - - alertId - - index - - owner - - rule - - type - title: Add case comment request properties for alerts - Cases_add_case_comment_request: - description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_add_alert_comment_request_properties' - user: '#/components/schemas/Cases_add_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' - title: Add case comment request - Cases_add_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - description: The type of comment. - enum: - - user - example: user - type: string - required: - - comment - - owner - - type - title: Add case comment request properties for user comments - type: object - Cases_alert_comment_response_properties: - title: Add case comment response properties for alerts - type: object - properties: - alertId: - items: - example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - type: string - type: array - created_at: - example: '2023-11-06T19:29:38.424Z' - format: date-time - type: string + - observability + - tag 1 + title: Observability case title 1 + totalAlerts: 1 + totalComment: 1 + updated_at: '2023-11-06T19:47:55.662Z' + updated_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzI0NywyXQ== + Cases_get_case_response: + summary: Retrieves information about a case including its comments. + value: + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + category: null + closed_at: null + closed_by: null + comments: + - comment: A new comment + created_at: '2023-10-13T15:40:32.335Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: 2134c1d0-02c2-11ed-85f2-4f7c222ca2fa + owner: cases + pushed_at: null + pushed_by: null + type: user + updated_at: null + updated_by: null + version: WzM3LDFd + connector: + fields: null + id: none + name: none + type: .none + created_at: '2023-10-13T15:33:50.604Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: null + description: A case description + duration: null + external_service: null + id: 31cdada0-02c1-11ed-85f2-4f7c222ca2fa + owner: cases + settings: + syncAlerts: true + severity: low + status: open + tags: + - tag 1 + title: Case title 1 + totalAlerts: 0 + totalComment: 1 + updated_at: '2023-10-13T15:40:32.335Z' + updated_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzM2LDFd + Cases_get_comment_response: + summary: A single user comment retrieved from a case + value: + comment: A new comment + created_at: '2023-10-07T19:32:13.104Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: 8048b460-fe2b-11ec-b15d-779a7c8bbcc3 + owner: cases + pushed_at: null + pushed_by: null + type: user + updated_at: null + updated_by: null + version: WzIzLDFd + Cases_get_reporters_response: + summary: A list of two users that opened cases + value: + - email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + - email: jdoe@example.com + full_name: Jane Doe + profile_uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + username: jdoe + Cases_get_tags_response: + summary: A list of tags that are used in cases + value: + - observability + - security + - tag 1 + - tag 2 + Cases_push_case_response: + summary: >- + The push case API returns a JSON object with details about the case and + the external service. + value: + closed_at: null + closed_by: null + comments: [] + connector: + fields: + issueType: '10006' + parent: null + priority: Low + id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 + name: My connector + type: .jira + created_at: '2022-07-29T00:59:39.444Z' + created_by: + email: null + full_name: null + username: elastic + description: A case description. + duration: null + external_service: + connector_id: 09f8c0b0-0eda-11ed-bd18-65557fe66949 + connector_name: My connector + external_id: '71926' + external_title: ES-554 + external_url: https://cases.jira.com + pushed_at: '2022-07-29T01:20:58.436Z' + pushed_by: + email: null + full_name: null + username: elastic + id: b917f300-0ed9-11ed-bd18-65557fe66949 + owner: cases + settings: + syncAlerts: true + severity: low + status: open + tags: + - tag 1 + title: Case title 1 + totalAlerts: 0 + totalComment: 0 + updated_at: '2022-07-29T01:20:58.436Z' + updated_by: + email: null + full_name: null + username: elastic + version: WzE3NjgsM10= + Cases_set_case_configuration_request: + summary: >- + Set the closure type, custom fields, and default connector for Stack + Management cases. + value: + closure_type: close-by-user + connector: + fields: null + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + customFields: + - defaultValue: My custom field default value. + key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + type: text + required: false + owner: cases + templates: + - caseFields: + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + category: Default-category + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: A text field value for the template. + description: A default description for cases. + tags: + - Default case tag + title: Default case title + description: A description of the template. + key: 505932fe-ee3a-4960-a661-c781b5acdb05 + name: template-1 + tags: + - Template tag 1 + Cases_set_case_configuration_response: + summary: This is an example response for case settings. + value: + closure_type: close-by-user + connector: + fields: null + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + created_at: '2024-07-01T17:07:17.767Z' + created_by: + email: null, + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - defaultValue: My custom field default value. + key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + type: text + required: false + error: null + id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: + - action_type: overwrite + source: title + target: summary + - action_type: overwrite + source: description + target: description + - action_type: append + source: comments + target: comments + - action_type: overwrite + source: tags + target: labels + owner: cases + templates: + - caseFields: + assignees: + - uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + category: Default-category + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: A text field value for the template. + description: A default description for cases. + tags: + - Default case tag + title: Default case title + description: A description of the template. + key: 505932fe-ee3a-4960-a661-c781b5acdb05 + name: template-1 + tags: + - Template tag 1 + updated_at: null + updated_by: null + version: WzIwNzMsMV0= + Cases_update_case_configuration_request: + summary: Update the case settings. + value: + closure_type: close-by-user + connector: + fields: null + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + customFields: + - defaultValue: A new default value. + key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + type: text + required: true + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + label: my-toggle + type: toggle + required: false + version: WzExOSw0XQ== + Cases_update_case_configuration_response: + summary: This is an example response when the case configuration was updated. + value: + closure_type: close-by-user + connector: + fields: null + id: 5e656730-e1ca-11ec-be9b-9b1838238ee6 + name: my-jira-connector + type: .jira + created_at: '2024-07-01T17:07:17.767Z' created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - id: - example: 73362370-ab1a-11ec-985f-97e55adae8b9 - type: string - index: - items: - example: .internal.alerts-security.alerts-default-000001 - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - pushed_at: - example: null - format: date-time - nullable: true - type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert - example: alert - type: string - updated_at: - format: date-time - nullable: true - type: string + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - defaultValue: A new default value. + key: d312efda-ec2b-42ec-9e2c-84981795c581 + label: my-text-field + type: text + required: true + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + label: my-toggle + type: toggle + required: false + error: null + id: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + mappings: + - action_type: overwrite + source: title + target: summary + - action_type: overwrite + source: description + target: description + - action_type: overwrite + source: tags + target: labels + - action_type: append + source: comments + target: comments + owner: cases + templates: [] + updated_at: '2024-07-19T00:52:42.401Z' updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzMwNDgsMV0= - type: string - required: - - type - Cases_alert_identifiers: - description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert identifiers - x-technical-preview: true - Cases_alert_indices: - description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert indices - x-technical-preview: true - Cases_alert_response_properties: - type: object - properties: - attached_at: - format: date-time - type: string - id: - description: The alert identifier. - type: string - index: - description: The alert index. - type: string - Cases_assignees: - description: An array containing users that are assigned to the case. - items: - type: object - properties: - uid: - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - type: string - required: - - uid - maxItems: 10 - nullable: true - type: array - Cases_case_categories: - items: - $ref: '#/components/schemas/Cases_case_category' - maxItems: 100 - type: array - Cases_case_category: - description: A word or phrase that categorizes the case. - maxLength: 50 - type: string - Cases_case_description: - description: The description for the case. - maxLength: 30000 - type: string - Cases_case_response_closed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - title: Case response properties for closed_by - type: object - Cases_case_response_created_by_properties: - title: Case response properties for created_by - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - Cases_case_response_properties: - title: Case response properties - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - description: The case category. - nullable: true - type: string - closed_at: - format: date-time - nullable: true - type: string - closed_by: - $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzI2LDNd + Cases_update_case_request: + summary: Update the case description, tags, and connector. + value: + cases: + - connector: + fields: + issueType: '10006' + parent: null + priority: null + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + customFields: + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: false + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My new field value + description: A case description. + id: a18b38a0-71b0-11ea-a0b2-c51ea50a58e2 + settings: + syncAlerts: true + tags: + - tag-1 + version: WzIzLDFd + Cases_update_case_response: + summary: >- + This is an example response when the case description, tags, and + connector were updated. + value: + - assignees: [] + category: null + closed_at: null + closed_by: null + comments: [] + connector: + fields: + issueType: '10006' + parent: null + priority: null + id: 131d4448-abe0-4789-939d-8ef60680b498 + name: My connector + type: .jira + created_at: '2023-10-13T09:16:17.416Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + customFields: + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My new field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: false + description: A case description. + duration: null + external_service: + connector_id: 05da469f-1fde-4058-99a3-91e4807e2de8 + connector_name: Jira + external_id: '10003' + external_title: IS-4 + external_url: https://hms.atlassian.net/browse/IS-4 + pushed_at: '2023-10-13T09:20:40.672Z' + pushed_by: + email: null + full_name: null + username: elastic + id: 66b9aa00-94fa-11ea-9f74-e7e108796192 + owner: cases + settings: + syncAlerts: true + severity: low + status: open + tags: + - tag-1 + title: Case title 1 + totalAlerts: 0 + totalComment: 0 + updated_at: '2023-10-13T09:48:33.043Z' + updated_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzU0OCwxXQ== + Cases_update_comment_request: + summary: Updates a comment of a case. + value: + comment: An updated comment. + id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: cases + type: user + version: Wzk1LDFd + Cases_update_comment_response: + summary: >- + The add comment to case API returns a JSON object that contains details + about the case and its comments. + value: + assignees: [] + category: null + closed_at: null + closed_by: null comments: - description: An array of comment objects for the case. - items: - discriminator: - mapping: - alert: '#/components/schemas/Cases_alert_comment_response_properties' - user: '#/components/schemas/Cases_user_comment_response_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' - maxItems: 10000 - title: Case response properties for comments - type: array + - comment: An updated comment. + created_at: '2023-10-24T00:37:10.832Z' + created_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + id: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: cases + pushed_at: null + pushed_by: null + type: user + updated_at: '2023-10-24T01:27:06.210Z' + updated_by: + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzIwNjM3LDFd connector: - discriminator: - mapping: - .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' - .jira: '#/components/schemas/Cases_connector_properties_jira' - .none: '#/components/schemas/Cases_connector_properties_none' - .resilient: '#/components/schemas/Cases_connector_properties_resilient' - .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' - .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' - .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - title: Case response properties for connectors - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string + fields: null + id: none + name: none + type: .none + created_at: '2023-10-24T00:37:03.906Z' created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic customFields: - description: Custom field values for the case. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - type: array - description: - example: A case description. - type: string - duration: - description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. - example: 120 - nullable: true - type: integer - external_service: - $ref: '#/components/schemas/Cases_external_service' - id: - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' + - key: d312efda-ec2b-42ec-9e2c-84981795c581 + type: text + value: My new field value + - key: fcc6840d-eb14-42df-8aaf-232201a705ec + type: toggle + value: false + description: A case description. + duration: null + external_service: null + id: 293f1bc0-74f6-11ea-b83a-553aecdb28b6 + owner: cases settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' + syncAlerts: false + severity: low + status: open tags: - example: - - tag-1 - items: - type: string - type: array - title: - example: Case title 1 - type: string - totalAlerts: - example: 0 - type: integer - totalComment: - example: 0 - type: integer - updated_at: - format: date-time - nullable: true - type: string + - tag 1 + title: Case title 1 + totalAlerts: 0 + totalComment: 1 + updated_at: '2023-10-24T01:27:06.210Z' updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzUzMiwxXQ== - type: string - required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by - - version - Cases_case_response_pushed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - title: Case response properties for pushed_by - type: object - Cases_case_response_updated_by_properties: - nullable: true - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - title: Case response properties for updated_by - type: object - Cases_case_severity: - default: low - description: The severity of the case. - enum: - - critical - - high - - low - - medium - type: string - Cases_case_status: - description: The status of the case. - enum: - - closed - - in-progress - - open - type: string - Cases_case_tags: - description: > - The words and phrases that help categorize cases. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_case_title: - description: A title for the case. - maxLength: 160 - type: string - Cases_closure_types: - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - type: string - Cases_connector_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. - type: object - properties: - fields: - example: null - nullable: true - type: string - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string - required: - - fields - - id - - name - - type - title: Create or upate case request properties for Cases Webhook connector - Cases_connector_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - issueType: - description: The type of issue. - nullable: true + email: null + full_name: null + profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 + username: elastic + version: WzIwNjM2LDFd + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. + value: + data_view: + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: emit(doc['shape_name'].value) + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: emit(doc["foo"].value) + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: $0,0.00 + products.base_unit_price: + id: number + params: + pattern: $0,0.00 + products.min_price: + id: number + params: + pattern: $0,0.00 + products.price: + id: number + params: + pattern: $0,0.00 + products.taxful_price: + id: number + params: + pattern: $0,0.00 + products.taxless_price: + id: number + params: + pattern: $0,0.00 + taxful_total_price: + id: number + params: + pattern: $0,0.[00] + taxless_total_price: + id: number + params: + pattern: $0,0.00 + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name + type: string + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - parent: - description: 'The key of the parent issue, when the issue type is sub-task.' - nullable: true + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - priority: - description: The priority of the issue. - nullable: true + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name type: string - required: - - issueType - - parent - - priority - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .jira - example: .jira - type: string - required: - - fields - - id - - name - - type - title: Create or update case request properties for a Jira connector - Cases_connector_properties_none: - description: Defines properties for connectors when type is `.none`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. - example: null - nullable: true - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. - example: none - type: string - type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. - enum: - - .none - example: .none - type: string - required: - - fields - - id - - name - - type - title: Create or update case request properties for no connector - Cases_connector_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - nullable: true - type: object - properties: - issueTypes: - description: The type of incident. - items: - type: string - type: array - severityCode: - description: The severity code of the incident. + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - issueTypes - - severityCode - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a IBM Resilient connector - Cases_connector_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - impact: - description: The effect an incident had on business. - nullable: true + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - severity: - description: The severity of the incident. - nullable: true + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - subcategory: - description: The subcategory of the incident. - nullable: true + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer + type: string + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id + type: string + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer type: string - urgency: - description: The extent to which the incident resolution can be delayed. - nullable: true + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - category - - impact - - severity - - subcategory - - urgency - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow ITSM connector - Cases_connector_properties_servicenow_sir: - description: Defines properties for connectors when type is `.servicenow-sir`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. - nullable: true - type: boolean - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. - nullable: true - type: boolean - priority: - description: The priority of the issue. - nullable: true + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident. - nullable: true + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow SecOps connector - Cases_connector_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - nullable: true + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - required: - - caseId - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a Swimlane connector - Cases_connector_types: - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - type: string - Cases_create_case_request: - description: >- - The create case API request body varies depending on the type of - connector. - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - required: - - connector - - description - - owner - - settings - - tags - - title - title: Create case request - type: object - Cases_external_service: - nullable: true - type: object - properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - format: date-time - type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - full_name: - example: null - nullable: true + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: + data_view: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: $0,0.[00] + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false type: string - username: - example: elastic - nullable: true + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - Cases_owner: - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - type: string - Cases_owners: - items: - $ref: '#/components/schemas/Cases_owner' - type: array - Cases_payload_alert_comment: - type: object - properties: - comment: - type: object - properties: - alertId: - oneOf: - - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: string - - items: - type: string - type: array - index: - oneOf: - - example: .alerts-observability.logs.alerts-default - type: string - - items: - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - Cases_payload_assignees: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - Cases_payload_connector: - type: object - properties: - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - Cases_payload_create_case: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - description: - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - items: - example: - - tag-1 - type: string - type: array - title: - type: string - Cases_payload_delete: - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. - nullable: true - type: object - Cases_payload_description: - type: object - properties: - description: - type: string - Cases_payload_pushed: - type: object - properties: - externalService: - $ref: '#/components/schemas/Cases_external_service' - Cases_payload_settings: - type: object - properties: - settings: - $ref: '#/components/schemas/Cases_settings' - Cases_payload_severity: - type: object - properties: - severity: - $ref: '#/components/schemas/Cases_case_severity' - Cases_payload_status: - type: object - properties: - status: - $ref: '#/components/schemas/Cases_case_status' - Cases_payload_tags: - type: object - properties: - tags: - example: - - tag-1 - items: - type: string - type: array - Cases_payload_title: - type: object - properties: - title: - type: string - Cases_payload_user_comment: - type: object - properties: - comment: - type: object - properties: - comment: + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - enum: - - user + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightDelayType + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - Cases_rule: - description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Alerting rule - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - x-technical-preview: true - Cases_searchFieldsType: - description: The fields to perform the `simple_query_string` parsed query against. - enum: - - description - - title - type: string - Cases_searchFieldsTypeArray: - items: - $ref: '#/components/schemas/Cases_searchFieldsType' - type: array - Cases_set_case_configuration_request: - description: >- - External connection details, such as the closure type and default - connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none + FlightNum: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightNum + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - maxItems: 10 - minItems: 0 - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - required: - - closure_type - - connector - - owner - title: Set case configuration request - type: object - Cases_settings: - description: An object that contains the case settings. - type: object - properties: - syncAlerts: - description: Turns alert syncing on or off. - example: true - type: boolean - required: - - syncAlerts - Cases_string: - type: string - Cases_string_array: - items: - $ref: '#/components/schemas/Cases_string' - maxItems: 100 - type: array - Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_templates: - items: - type: object - properties: - caseFields: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector IDs, - use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - description: Custom field values in the template. - items: - type: object - properties: - key: - description: The unique key for the custom field. - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - value: - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - type: array - x-technical-preview: true - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - description: A description for the template. - type: string - key: - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. - type: string - name: - description: The name of the template. - type: string - tags: - $ref: '#/components/schemas/Cases_template_tags' - type: array - x-technical-preview: true - Cases_update_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. - type: object - properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. - enum: - - alert - example: alert - type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd - type: string - required: - - alertId - - id - - index - - owner - - rule - - type - - version - title: Update case comment request properties for alerts - Cases_update_case_comment_request: - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_update_alert_comment_request_properties' - user: '#/components/schemas/Cases_update_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' - title: Update case comment request - Cases_update_case_configuration_request: - description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none + FlightTimeMin: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Origin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none + OriginAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - type: array - templates: - $ref: '#/components/schemas/Cases_templates' - version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. - example: WzIwMiwxXQ== - type: string - required: - - version - title: Update case configuration request - type: object - Cases_update_case_request: + OriginCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: emit(doc["bar"].value) + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Saved_objects_import_objects_request: + value: + file: file.ndjson + Saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + Saved_objects_key_rotation_response: + summary: Encryption key rotation using default parameters. + value: + failed: 0 + successful: 300 + total: 1000 + Saved_objects_resolve_missing_reference_request: + value: + file: file.ndjson + retries: + - id: my-pattern + overwrite: true + type: index-pattern + - destinationId: another-vis + id: my-vis + overwrite: true + type: visualization + - destinationId: yet-another-canvas + id: my-canvas + overwrite: true + type: canvas + - id: my-dashboard + type: dashboard + Saved_objects_resolve_missing_reference_response: + summary: Resolve missing reference errors. + value: + success: true + successCount: 3 + successResults: + - id: my-vis + meta: + icon: visualizeApp + title: Look at my visualization + type: visualization + - id: my-search + meta: + icon: searchApp + title: Look at my search + type: search + - id: my-dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + type: dashboard + parameters: + Alerting_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Cases_alert_id: + description: An identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + type: string + Cases_assignees_filter: + description: > + Filters the returned cases by assignees. Valid values are `none` or + unique identifiers for the user profiles. These identifiers can be found + by using the suggest user profile API. + in: query + name: assignees + schema: + oneOf: + - $ref: '#/components/schemas/Cases_string' + - $ref: '#/components/schemas/Cases_string_array' + Cases_case_id: description: >- - The update case API request body varies depending on the type of - connector. - properties: - cases: - description: An array containing one or more case objects. - items: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. - maxLength: 30000 - type: string - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: - description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. - type: string - required: - - id - - version + The identifier for the case. To retrieve case IDs, use the find cases + API. All non-ASCII characters must be URL encoded. + in: path + name: caseId + required: true + schema: + example: 9c235210-6834-11ea-a78c-6ffb38a34414 + type: string + Cases_category: + description: Filters the returned cases by category. + in: query + name: category + schema: + oneOf: + - $ref: '#/components/schemas/Cases_case_category' + - $ref: '#/components/schemas/Cases_case_categories' + Cases_comment_id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + case or find cases APIs. + in: path + name: commentId + required: true + schema: + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + type: string + Cases_configuration_id: + description: An identifier for the configuration. + in: path + name: configurationId + required: true + schema: + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + type: string + Cases_connector_id: + description: >- + An identifier for the connector. To retrieve connector IDs, use the find + connectors API. + in: path + name: connectorId + required: true + schema: + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + type: string + Cases_defaultSearchOperator: + description: he default operator to use for the simple_query_string. + example: OR + in: query + name: defaultSearchOperator + schema: + default: OR + type: string + Cases_from: + description: > + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + in: query + name: from + schema: + example: now-1d + type: string + Cases_ids: + description: > + The cases that you want to removed. All non-ASCII characters must be URL + encoded. + example: d4e7abb0-b462-11ec-9a8d-698504725a43 + in: query + name: ids + required: true + schema: + items: maxItems: 100 minItems: 1 - type: array - required: - - cases - title: Update case request - type: object - Cases_update_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 - type: string - id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - description: The type of comment. - enum: - - user - example: user - type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd - type: string - required: - - comment - - id - - owner - - type - - version - title: Update case comment request properties for user comments - type: object - Cases_user_actions_find_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 type: string - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - description: The type of action. + type: array + Cases_includeComments: + deprecated: true + description: >- + Deprecated in 8.1.0. This parameter is deprecated and will be removed in + a future release. It determines whether case comments are returned. + in: query + name: includeComments + schema: + default: true + type: boolean + Cases_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Cases_owner_filter: + description: > + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + example: cases + in: query + name: owner + schema: + oneOf: + - $ref: '#/components/schemas/Cases_owner' + - $ref: '#/components/schemas/Cases_owners' + Cases_page_index: + description: The page number to return. + in: query + name: page + required: false + schema: + default: 1 + type: integer + Cases_page_size: + description: The number of items to return. Limited to 100 items. + in: query + name: perPage + required: false + schema: + default: 20 + maximum: 100 + type: integer + Cases_reporters: + description: Filters the returned cases by the user name of the reporter. + example: elastic + in: query + name: reporters + schema: + oneOf: + - $ref: '#/components/schemas/Cases_string' + - $ref: '#/components/schemas/Cases_string_array' + Cases_search: + description: >- + An Elasticsearch simple_query_string query that filters the objects in + the response. + in: query + name: search + schema: + type: string + Cases_searchFields: + description: The fields to perform the simple_query_string parsed query against. + in: query + name: searchFields + schema: + oneOf: + - $ref: '#/components/schemas/Cases_searchFieldsType' + - $ref: '#/components/schemas/Cases_searchFieldsTypeArray' + Cases_severity: + description: The severity of the case. + in: query + name: severity + schema: + enum: + - critical + - high + - low + - medium + type: string + Cases_sort_order: + description: Determines the sort order. + in: query + name: sortOrder + required: false + schema: + default: desc + enum: + - asc + - desc + type: string + Cases_sortField: + description: Determines which field is used to sort the results. + example: updatedAt + in: query + name: sortField + schema: + default: createdAt + enum: + - createdAt + - updatedAt + - closedAt + - title + - category + - status + - severity + type: string + Cases_status: + description: Filters the returned cases by state. + example: open + in: query + name: status + schema: + enum: + - closed + - in-progress + - open + type: string + Cases_tags: + description: Filters the returned cases by tags. + example: tag-1 + in: query + name: tags + schema: + oneOf: + - $ref: '#/components/schemas/Cases_string' + - $ref: '#/components/schemas/Cases_string_array' + Cases_to: + description: > + Returns only cases that were created before a specific date. The date + must be specified as a KQL data range or date match expression. + example: now+1d + in: query + name: to + schema: + type: string + Cases_user_action_types: + description: Determines the types of user actions to return. + example: create_case + in: query + name: types + schema: + items: enum: + - action + - alert - assignees - - create_case + - attachment - comment - connector + - create_case - description - pushed - - tags - - title - - status - settings - severity - example: create_case - type: string - version: - example: WzM1ODg4LDFd - type: string - required: - - action - - comment_id - - created_at - - created_by - - id - - owner - - payload - - type - - version - Cases_user_actions_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 - type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type - Cases_user_comment_response_properties: - title: Case response properties for user comments - type: object - properties: - comment: - example: A new comment. - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - id: - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - pushed_at: - example: null - format: date-time - nullable: true - type: string - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' - type: - enum: + - status + - tags + - title - user - example: user - type: string - updated_at: - example: null - format: date-time - nullable: true - type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzIwNDMxLDFd - type: string - required: - - type - Data_views_400_response: - title: Bad request - type: object - properties: - error: - example: Bad Request - type: string - message: type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object + type: array + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Saved_objects_saved_object_id: + description: An identifier for the saved object. + in: path + name: id + required: true + schema: + type: string + Saved_objects_saved_object_type: + description: >- + Valid options include `visualization`, `dashboard`, `search`, + `index-pattern`, `config`. + in: path + name: type + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + schemas: + Alerting_401_response: properties: error: enum: - - Not Found - example: Not Found + - Unauthorized + example: Unauthorized type: string message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found type: string statusCode: enum: - - 404 - example: 404 + - 401 + example: 401 type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties + title: Unsuccessful rule API response type: object - properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + Alerting_alert_response_properties: + title: Legacy alert response properties type: object properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 + actions: + items: + type: object + type: array + alertTypeId: + example: .index-threshold type: string - customLabel: - description: Custom label for the field. + apiKeyOwner: + example: elastic + nullable: true type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: + createdAt: + description: The date and time that the alert was created. + example: '2022-12-05T23:36:58.284Z' + format: date-time + type: string + createdBy: + description: The identifier for the user that created the alert. + example: elastic + type: string + enabled: + description: Indicates whether the alert is currently enabled. + example: true + type: boolean + executionStatus: type: object properties: - source: - description: Script for the runtime field. + lastExecutionDate: + example: '2022-12-06T00:13:43.890Z' + format: date-time type: string - type: - description: Mapping type of the runtime field. + status: + example: ok + type: string + id: + description: The identifier for the alert. + example: b530fed0-74f5-11ed-9801-35303b735aef type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. + muteAll: + example: false type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + mutedInstanceIds: + items: + type: string + nullable: true + type: array + name: + description: The name of the alert. + example: my alert type: string - toId: - description: New saved object reference value to replace the old value. + notifyWhen: + example: onActionGroupChange type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: 'The timestamp field name, which you use for time-based data views.' - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: 'When set to `rollup`, identifies the rollup data views.' - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object params: - description: Properties for retrieving rollup fields. + additionalProperties: true type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. + schedule: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: + interval: type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean - required: - - data_view - Fleet_agent: - title: Agent - type: object - properties: - access_api_key: - type: string - access_api_key_id: + scheduledTaskId: + example: b530fed0-74f5-11ed-9801-35303b735aef type: string - active: - type: boolean - components: + tags: items: - $ref: '#/components/schemas/Fleet_agent_component' + type: string type: array - default_api_key: + throttle: + nullable: true type: string - default_api_key_id: + updatedAt: + example: '2022-12-05T23:36:58.284Z' type: string - enrolled_at: + updatedBy: + description: The identifier for the user that updated this alert most recently. + example: elastic + nullable: true type: string - id: + Alerting_fieldmap_properties: + title: Field map objects in the get rule types response + type: object + properties: + array: + description: Indicates whether the field is an array. + type: boolean + dynamic: + description: Indicates whether it is a dynamic field mapping. + type: boolean + format: + description: > + Indicates the format of the field. For example, if the `type` is + `date_range`, the `format` can be + `epoch_millis||strict_date_optional_time`. type: string - last_checkin: + ignore_above: + description: >- + Specifies the maximum length of a string field. Longer strings are + not indexed or stored. + type: integer + index: + description: Indicates whether field values are indexed. + type: boolean + path: + description: TBD type: string - local_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' - metrics: + properties: + additionalProperties: + type: object + properties: + type: + description: The data type for each object property. + type: string + description: > + Details about the object properties. This property is applicable + when `type` is `object`. type: object - properties: - cpu_avg: - description: >- - Average agent CPU usage during the last 5 minutes, number - between 0-1 - type: number - memory_size_byte_avg: - description: Average agent memory consumption during the last 5 minutes - type: number - policy_id: - type: string - policy_revision: - type: number - status: - $ref: '#/components/schemas/Fleet_agent_status' + required: + description: Indicates whether the field is required. + type: boolean + scaling_factor: + description: > + The scaling factor to use when encoding values. This property is + applicable when `type` is `scaled_float`. Values will be multiplied + by this factor at index time and rounded to the closest long value. + type: integer type: - $ref: '#/components/schemas/Fleet_agent_type' - unenrolled_at: - type: string - unenrollment_started_at: + description: Specifies the data type for the field. + example: scaled_float type: string - user_provided_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' - required: - - type - - active - - enrolled_at - - id - - status - Fleet_agent_action: - oneOf: - - properties: - ack_data: - type: string - data: - type: string - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - - properties: - data: - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - type: - type: string - title: Agent action - Fleet_agent_component: - title: Agent component - type: object + Cases_4xx_response: properties: - id: + error: + example: Unauthorized type: string message: type: string - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - type: string - units: - items: - $ref: '#/components/schemas/Fleet_agent_component_unit' - type: array - Fleet_agent_component_status: + statusCode: + example: 401 + type: integer + title: Unsuccessful cases API response + type: object + Cases_action_types: + description: The type of action. enum: - - starting - - configuring - - healthy - - degraded - - failed - - stopping - - stopped - title: Agent component status + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case type: string - Fleet_agent_component_unit: - title: Agent component unit - type: object - properties: - id: - type: string - message: - type: string - payload: - type: object - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - $ref: '#/components/schemas/Fleet_agent_component_unit_type' - Fleet_agent_component_unit_type: + Cases_actions: enum: - - input - - output - title: Agent component unit type + - add + - create + - delete + - push_to_service + - update + example: create type: string - Fleet_agent_diagnostics: - title: Agent diagnostics + Cases_add_alert_comment_request_properties: + description: Defines properties for case comment requests when type is alert. type: object properties: - actionId: - type: string - createTime: - type: string - filePath: - type: string - id: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owner' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + enum: + - alert + example: alert type: string - name: + required: + - alertId + - index + - owner + - rule + - type + title: Add case comment request properties for alerts + Cases_add_case_comment_request: + description: >- + The add comment to case API request body varies depending on whether you + are adding an alert or a comment. + discriminator: + mapping: + alert: '#/components/schemas/Cases_add_alert_comment_request_properties' + user: '#/components/schemas/Cases_add_user_comment_request_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' + title: Add case comment request + Cases_add_user_comment_request_properties: + description: Defines properties for case comment requests when type is user. + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + example: A new comment. + maxLength: 30000 type: string - status: + owner: + $ref: '#/components/schemas/Cases_owner' + type: + description: The type of comment. enum: - - READY - - AWAITING_UPLOAD - - DELETED - - IN_PROGRESS - required: - - id - - name - - createTime - - filePath - - actionId - - status - Fleet_agent_get_by_actions: - items: - items: + - user + example: user type: string - type: array - title: Agents get by action ids - type: array - Fleet_agent_metadata: - title: Agent metadata + required: + - comment + - owner + - type + title: Add case comment request properties for user comments type: object - Fleet_agent_policy: - title: Agent Policy + Cases_alert_comment_response_properties: + title: Add case comment response properties for alerts type: object properties: - advanced_settings: - description: >- - Advanced settings stored in the agent policy, e.g. - agent_limits_go_max_procs - nullable: true - type: object - agent_features: + alertId: items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + type: string type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true + created_at: + example: '2023-11-06T19:29:38.424Z' + format: date-time type: string - fleet_server_host_id: - nullable: true + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + id: + example: 73362370-ab1a-11ec-985f-97e55adae8b9 type: string - global_data_tags: + index: items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object + example: .internal.alerts-security.alerts-default-000001 + type: string type: array - id: + owner: + $ref: '#/components/schemas/Cases_owner' + pushed_at: + example: null + format: date-time + nullable: true type: string - inactivity_timeout: - type: integer - is_protected: - description: >- - Indicates whether the agent policy has tamper protection enabled. - Default false. - type: boolean - keep_monitoring_alive: - description: >- - When set to true, monitoring will be enabled but logs/metrics - collection will be disabled + pushed_by: nullable: true - type: boolean - monitoring_diagnostics: type: object properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_http: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + rule: type: object properties: - enabled: - type: boolean - host: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 type: string - port: - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert + example: alert type: string - namespace: + updated_at: + format: date-time + nullable: true type: string - overrides: - description: >- - Override settings that are defined in the agent policy. Input - settings cannot be overridden. The override option should be used - only in unusual circumstances and not as a routine procedure. + updated_by: nullable: true type: object - package_policies: - description: >- - This field is present only when retrieving a single agent policy, or - when retrieving a list of agent policies with the ?full=true - parameter - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - revision: - type: number - supports_agentless: - description: >- - Indicates whether the agent policy supports agentless integrations. - Only allowed in a serverless environment. - type: boolean - unenroll_timeout: - type: integer - unprivileged_agents: - type: number - updated_by: - type: string - updated_on: - format: date-time + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzMwNDgsMV0= type: string required: - - id - - status - - name - - namespace - Fleet_agent_policy_create_request: - title: Create agent policy request + - type + Cases_alert_identifiers: + description: > + The alert identifiers. It is required only when `type` is `alert`. You + can use an array of strings to add multiple alerts to a case, provided + that they all relate to the same rule; `index` must also be an array + with the same length or number of elements. Adding multiple alerts in + this manner is recommended rather than calling the API multiple times. + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert identifiers + x-state: Technical preview + Cases_alert_indices: + description: > + The alert indices. It is required only when `type` is `alert`. If you + are adding multiple alerts to a case, use an array of strings; the + position of each index name in the array must match the position of the + corresponding alert identifier in the `alertId` array. This + functionality is in technical preview and may be changed or removed in a + future release. Elastic will work to fix any issues, but features in + technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert indices + x-state: Technical preview + Cases_alert_response_properties: type: object properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: + attached_at: + format: date-time type: string - download_source_id: - nullable: true + id: + description: The alert identifier. type: string - fleet_server_host_id: - nullable: true + index: + description: The alert index. type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number + Cases_assignees: + description: An array containing users that are assigned to the case. + items: + type: object + properties: + uid: description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - id: - type: string - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: - items: - enum: - - metrics - - logs + A unique identifier for the user profile. These identifiers can be + found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 type: string - type: array - monitoring_output_id: + required: + - uid + maxItems: 10 + nullable: true + type: array + Cases_case_categories: + items: + $ref: '#/components/schemas/Cases_case_category' + maxItems: 100 + type: array + Cases_case_category: + description: A word or phrase that categorizes the case. + maxLength: 50 + type: string + Cases_case_description: + description: The description for the case. + maxLength: 30000 + type: string + Cases_case_response_closed_by_properties: + nullable: true + properties: + email: + example: null nullable: true type: string - name: + full_name: + example: null + nullable: true type: string - namespace: + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true type: string - unenroll_timeout: - type: integer required: - - name - - namespace - Fleet_agent_policy_full: - oneOf: - - type: object - properties: - item: - type: string - - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_full_agent_policy' - title: Agent policy full response + - email + - full_name + - username + title: Case response properties for closed_by type: object - Fleet_agent_policy_update_request: - title: Update agent policy request + Cases_case_response_created_by_properties: + title: Case response properties for created_by type: object properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: + email: + example: null nullable: true type: string - description: - type: string - download_source_id: + full_name: + example: null nullable: true type: string - fleet_server_host_id: - nullable: true + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_output_id: + username: + example: elastic nullable: true type: string - name: - type: string - namespace: - type: string - unenroll_timeout: - type: integer required: - - name - - namespace - Fleet_agent_status: - enum: - - offline - - error - - online - - inactive - - warning - title: Elastic Agent status - type: string - Fleet_agent_type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - title: Agent type - type: string - Fleet_bulk_install_packages_response: - title: Bulk install packages response + - email + - full_name + - username + Cases_case_response_properties: + title: Case response properties type: object properties: - items: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + description: The case category. + nullable: true + type: string + closed_at: + format: date-time + nullable: true + type: string + closed_by: + $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + comments: + description: An array of comment objects for the case. items: - type: object - properties: - name: - type: string - version: - type: string + discriminator: + mapping: + alert: '#/components/schemas/Cases_alert_comment_response_properties' + user: '#/components/schemas/Cases_user_comment_response_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + maxItems: 10000 + title: Case response properties for comments type: array - response: - deprecated: true + connector: + discriminator: + mapping: + .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' + .jira: '#/components/schemas/Cases_connector_properties_jira' + .none: '#/components/schemas/Cases_connector_properties_none' + .resilient: '#/components/schemas/Cases_connector_properties_resilient' + .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' + .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' + .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + title: Case response properties for connectors + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + customFields: + description: Custom field values for the case. items: type: object properties: - name: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. type: string - version: + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean type: array - required: - - items - Fleet_bulk_upgrade_agents: - title: Bulk upgrade agents - type: object - properties: - agents: - oneOf: - - description: 'KQL query string, leave empty to action all agents' - type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: 'Force upgrade, skipping validation (should be used with caution)' - type: boolean - rollout_duration_seconds: - description: rolling upgrade window duration in seconds - type: number - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: - description: alternative upgrade binary download url + description: + example: A case description. + type: string + duration: + description: > + The elapsed time from the creation of the case to its closure (in + seconds). If the case has not been closed, the duration is set to + null. If the case was closed after less than half a second, the + duration is rounded down to zero. + example: 120 + nullable: true + type: integer + external_service: + $ref: '#/components/schemas/Cases_external_service' + id: + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + example: + - tag-1 + items: + type: string + type: array + title: + example: Case title 1 type: string - start_time: - description: start time of upgrade in ISO 8601 format + totalAlerts: + example: 0 + type: integer + totalComment: + example: 0 + type: integer + updated_at: + format: date-time + nullable: true type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' version: - description: version to upgrade to + example: WzUzMiwxXQ== type: string required: - - agents + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by - version - Fleet_data_stream: - title: Data stream - type: object + Cases_case_response_pushed_by_properties: + nullable: true properties: - dashboard: - items: - type: object - properties: - id: - type: string - title: - type: string - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: + email: + example: null + nullable: true type: string - package_version: + full_name: + example: null + nullable: true type: string - size_in_bytes: - type: number - size_in_bytes_formatted: + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - type: + username: + example: elastic + nullable: true type: string - Fleet_download_sources: - title: Download Source + required: + - email + - full_name + - username + title: Case response properties for pushed_by type: object + Cases_case_response_updated_by_properties: + nullable: true properties: - host: + email: + example: null + nullable: true type: string - id: + full_name: + example: null + nullable: true type: string - is_default: - type: boolean - name: + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the proxies - API for more information. + username: + example: elastic nullable: true type: string required: - - is_default - - name - - host - Fleet_elasticsearch_asset_type: + - email + - full_name + - username + title: Case response properties for updated_by + type: object + Cases_case_severity: + default: low + description: The severity of the case. + enum: + - critical + - high + - low + - medium + type: string + Cases_case_status: + description: The status of the case. + enum: + - closed + - in-progress + - open + type: string + Cases_case_tags: + description: > + The words and phrases that help categorize cases. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_case_title: + description: A title for the case. + maxLength: 160 + type: string + Cases_closure_types: + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). enum: - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - title: Elasticsearch asset type + - close-by-pushing + - close-by-user + example: close-by-user type: string - Fleet_enrollment_api_key: - title: Enrollment API key + Cases_connector_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. type: object properties: - active: - description: >- - When false, the enrollment API key is revoked and cannot be used for - enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: + fields: + example: null + nullable: true type: string id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. type: string name: - description: The name of the enrollment API key. + description: The name of the connector. type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: + description: The type of connector. + enum: + - .cases-webhook + example: .cases-webhook type: string required: + - fields - id - - api_key_id - - api_key - - active - - created_at - Fleet_fleet_server_host: - title: Fleet Server Host + - name + - type + title: Create or upate case request properties for Cases Webhook connector + Cases_connector_properties_jira: + description: Defines properties for connectors when type is `.jira`. type: object properties: - host_urls: - items: - type: string - type: array + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + issueType: + description: The type of issue. + nullable: true + type: string + parent: + description: The key of the parent issue, when the issue type is sub-task. + nullable: true + type: string + priority: + description: The priority of the issue. + nullable: true + type: string + required: + - issueType + - parent + - priority id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. type: string - is_default: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean name: + description: The name of the connector. type: string - proxy_id: + type: + description: The type of connector. + enum: + - .jira + example: .jira type: string required: - - fleet_server_hosts + - fields - id - - is_default - - is_preconfigured - - host_urls - Fleet_fleet_settings_response: - title: Fleet settings response - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_settings' - required: - - item - Fleet_fleet_setup_response: - title: Fleet Setup response - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - Fleet_fleet_status_response: - title: Fleet status response - type: object - properties: - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features - Fleet_full_agent_policy: - title: Full agent policy + - name + - type + title: Create or update case request properties for a Jira connector + Cases_connector_properties_none: + description: Defines properties for connectors when type is `.none`. type: object properties: - agent: + fields: + description: >- + An object containing the connector fields. To create a case without + a connector, specify null. To update a case to remove the connector, + specify null. + example: null nullable: true type: string - fleet: - oneOf: - - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - - type: object - properties: - kibana: - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. To update a case to remove the connector, + specify `none`. + example: none type: string - inputs: + name: + description: >- + The name of the connector. To create a case without a connector, use + `none`. To update a case to remove the connector, specify `none`. + example: none + type: string + type: + description: >- + The type of connector. To create a case without a connector, use + `.none`. To update a case to remove the connector, specify `.none`. + enum: + - .none + example: .none type: string - monitoring: + required: + - fields + - id + - name + - type + title: Create or update case request properties for no connector + Cases_connector_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + nullable: true type: object properties: - diagnostics: - type: object - properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - enabled: - type: boolean - http: - type: object - properties: - enabled: - type: boolean - host: - type: string - port: - type: number - required: - - enabled - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - pprof: - type: object - properties: - enabled: - type: boolean - required: - - enabled - traces: - type: boolean - use_output: + issueTypes: + description: The type of incident. + items: + type: string + type: array + severityCode: + description: The severity code of the incident. type: string required: - - enabled - - metrics - - logs - - traces - output_permissions: - additionalProperties: - type: object - properties: - data: - $ref: >- - #/components/schemas/Fleet_full_agent_policy_output_permissions - output: - type: integer - type: object - outputs: - additionalProperties: - $ref: '#/components/schemas/Fleet_full_agent_policy_output' - type: object - revision: - type: number - secret_references: - items: - type: object - properties: - id: - type: string - type: array + - issueTypes + - severityCode + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .resilient + example: .resilient + type: string required: + - fields - id - - outputs - - inputs - Fleet_full_agent_policy_input: - allOf: - - additionalProperties: true + - name + - type + title: Create case request properties for a IBM Resilient connector + Cases_connector_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. type: object properties: - data_stream: - type: object - properties: - namespace: - type: string - required: - - namespace - id: + category: + description: The category of the incident. + nullable: true type: string - meta: - additionalProperties: true - type: object - properties: - package: - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: + impact: + description: The effect an incident had on business. + nullable: true type: string - revision: - type: number - streams: - $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' - type: + severity: + description: The severity of the incident. + nullable: true type: string - use_output: + subcategory: + description: The subcategory of the incident. + nullable: true type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - title: Full agent policy input - Fleet_full_agent_policy_input_stream: - allOf: - - additionalProperties: true - type: object - properties: - data_stream: - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - - type - id: + urgency: + description: The extent to which the incident resolution can be delayed. + nullable: true type: string required: - - id - - data_stream - title: Full agent policy input stream - Fleet_full_agent_policy_output: - title: Full agent policy + - category + - impact + - severity + - subcategory + - urgency + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow + example: .servicenow + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow ITSM connector + Cases_connector_properties_servicenow_sir: + description: Defines properties for connectors when type is `.servicenow-sir`. type: object properties: - additionalProperties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. type: object properties: - text: {} - ca_sha256: - nullable: true + category: + description: The category of the incident. + nullable: true + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs. + nullable: true + type: boolean + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs. + nullable: true + type: boolean + priority: + description: The priority of the issue. + nullable: true + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir type: string - type: {} required: + - fields + - id + - name - type - - hosts - - ca_sha256 - Fleet_full_agent_policy_output_permissions: - additionalProperties: - type: object - properties: - data: - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - type: object - properties: - names: - items: - type: string - type: array - privileges: - items: - type: string - type: array - type: array - packagePolicyName: - type: string - title: Full agent policy output permissions - Fleet_get_agent_tags_response: - title: Get Agent Tags response - type: object - properties: - items: - items: - type: string - type: array - Fleet_get_agents_response: - title: Get Agent response + title: Create case request properties for a ServiceNow SecOps connector + Cases_connector_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - page: - type: number - perPage: - type: number - statusSummary: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. type: object properties: - degraded': - type: number - enrolling: - type: number - error: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - unenrolled: - type: number - unenrolling: - type: number - updating: - type: number - total: - type: number + caseId: + description: The case identifier for Swimlane connectors. + nullable: true + type: string + required: + - caseId + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .swimlane + example: .swimlane + type: string required: - - items - - total - - page - - perPage - Fleet_get_bulk_assets_response: - deprecated: true + - fields + - id + - name + - type + title: Create case request properties for a Swimlane connector + Cases_connector_types: + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none + type: string + Cases_create_case_request: + description: >- + The create case API request body varies depending on the type of + connector. properties: - items: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields that are + not specified in the request are set to null. items: type: object properties: - appLink: - type: string - attributes: - type: object - properties: - description: - type: string - title: - type: string - id: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. type: string type: - $ref: '#/components/schemas/Fleet_saved_object_type' - updatedAt: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 type: array + description: + $ref: '#/components/schemas/Cases_case_description' + owner: + $ref: '#/components/schemas/Cases_owner' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' required: - - items - title: Bulk get assets response + - connector + - description + - owner + - settings + - tags + - title + title: Create case request type: object - Fleet_get_categories_response: - title: Get categories response + Cases_external_service: + nullable: true type: object properties: - items: - items: - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - Fleet_get_packages_response: - title: Get Packages response + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + format: date-time + type: string + pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + Cases_owner: + description: > + The application that owns the cases: Stack Management, Observability, or + Elastic Security. + enum: + - cases + - observability + - securitySolution + example: cases + type: string + Cases_owners: + items: + $ref: '#/components/schemas/Cases_owner' + type: array + Cases_payload_alert_comment: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_search_result' - type: array - response: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_search_result' - type: array - required: - - items - Fleet_installation_info: - title: Installation info object + comment: + type: object + properties: + alertId: + oneOf: + - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + type: string + - items: + type: string + type: array + index: + oneOf: + - example: .alerts-observability.logs.alerts-default + type: string + - items: + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owner' + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert + type: string + Cases_payload_assignees: type: object properties: - created_at: - type: string - experimental_data_stream_features: - type: array + assignees: + $ref: '#/components/schemas/Cases_assignees' + Cases_payload_connector: + type: object + properties: + connector: + type: object properties: - data_stream: - type: string - features: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true type: object properties: - doc_value_only_numeric: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. nullable: true type: boolean - doc_value_only_other: + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. nullable: true type: boolean - synthetic_source: + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. nullable: true type: boolean - tsdb: + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. nullable: true type: boolean - install_format_schema_version: - type: string - install_kibana_space_id: - type: string - install_source: - enum: - - registry - - upload - - bundled - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - type: object - properties: - deferred: - type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none type: string - type: - $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' - installed_kibana: - type: object - properties: - id: + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none type: string type: - $ref: '#/components/schemas/Fleet_kibana_saved_object_type' - latest_executed_state: - description: Latest successfully executed state in package install state machine + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: type: object properties: - error: - type: string - name: - enum: - - create_restart_installation - - install_kibana_assets - - install_ilm_policies - - install_ml_model - - install_index_template_pipelines - - remove_legacy_templates - - update_current_write_indices - - install_transforms - - delete_previous_pipelines - - save_archive_entries_from_assets_map - - update_so - type: string - started_at: - type: string - latest_install_failed_attempts: - description: Latest failed install errors - items: - type: object - properties: - created_at: - type: string - error: - type: object - properties: - message: - type: string - name: - type: string - stack: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: type: string - target_version: - type: string - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - verified - - unverified - - unknown - type: string - version: - type: string - required: - - installed_kibana - - installed_es - - name - - version - - install_status - - install_version - - install_started_at - - install_source - - verification_status - - latest_install_failed_attempts - Fleet_kibana_saved_object_type: - enum: - - dashboard - - visualization - - search - - index-pattern - - map - - lens - - ml-module - - security-rule - - csp_rule_template - title: Kibana saved object asset type - type: string - Fleet_new_package_policy: - description: '' - properties: - description: - type: string - enabled: - type: boolean - inputs: - items: - type: object - properties: - config: - type: object - enabled: - type: boolean - processors: - items: + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. type: string - type: array - streams: - items: {} - type: array - type: - type: string - vars: - type: object - required: - - type - - enabled - type: array - name: - type: string - namespace: - type: string - output_id: - type: string - overrides: - type: object - package: - type: object - properties: - name: - type: string - requires_root: - type: boolean - title: + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none type: string - version: + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none type: string - required: - - name - - version - policy_id: - deprecated: true - nullable: true + type: + $ref: '#/components/schemas/Cases_connector_types' + description: type: string - policy_ids: + owner: + $ref: '#/components/schemas/Cases_owner' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: items: + example: + - tag-1 type: string type: array - required: - - inputs - - name - title: New package policy + title: + type: string + Cases_payload_delete: + description: >- + If the `action` is `delete` and the `type` is `delete_case`, the payload + is nullable. + nullable: true type: object - Fleet_output_create_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_create_request_kafka' - logstash: '#/components/schemas/Fleet_output_create_request_logstash' - remote_elasticsearch: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - propertyName: type - oneOf: - - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_create_request_kafka' - - $ref: '#/components/schemas/Fleet_output_create_request_logstash' - - $ref: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - title: Output - Fleet_output_create_request_elasticsearch: - title: elasticsearch + Cases_payload_description: type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: + description: type: string - hosts: + Cases_payload_pushed: + type: object + properties: + externalService: + $ref: '#/components/schemas/Cases_external_service' + Cases_payload_settings: + type: object + properties: + settings: + $ref: '#/components/schemas/Cases_settings' + Cases_payload_severity: + type: object + properties: + severity: + $ref: '#/components/schemas/Cases_case_severity' + Cases_payload_status: + type: object + properties: + status: + $ref: '#/components/schemas/Cases_case_status' + Cases_payload_tags: + type: object + properties: + tags: + example: + - tag-1 items: type: string type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: + Cases_payload_title: + type: object + properties: + title: type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: + Cases_payload_user_comment: + type: object + properties: + comment: type: object properties: - certificate: + comment: type: string - certificate_authorities: - items: - type: string - type: array - key: + owner: + $ref: '#/components/schemas/Cases_owner' + type: + enum: + - user type: string - type: - enum: - - elasticsearch - type: string - required: - - name - Fleet_output_create_request_kafka: - title: kafka + Cases_rule: + description: > + The rule that is associated with the alerts. It is required only when + `type` is `alert`. This functionality is in technical preview and may be + changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Alerting rule type: object properties: - auth_type: - type: string - broker_timeout: - type: number - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - client_id: - type: string - compression: - type: string - compression_level: - type: number - config: - type: object - config_yaml: - type: string - connection_type: - enum: - - plaintext - - encryption - type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: - type: string - type: array id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 type: string name: + description: The rule name. + example: security_rule type: string - partition: - type: string - password: - type: string - proxy_id: - type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: - type: string - secrets: + x-state: Technical preview + Cases_searchFieldsType: + description: The fields to perform the `simple_query_string` parsed query against. + enum: + - description + - title + type: string + Cases_searchFieldsTypeArray: + items: + $ref: '#/components/schemas/Cases_searchFieldsType' + type: array + Cases_set_case_configuration_request: + description: >- + External connection details, such as the closure type and default + connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. type: object properties: - password: - type: string - ssl: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none type: string - verification_mode: - enum: - - none - - full - - certificate - - strict + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none type: string - timeout: - type: number - topic: - type: string - topics: - deprecated: true - description: Use topic instead. + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. items: type: object properties: - topic: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + maxItems: 10 + minItems: 0 type: array - type: - enum: - - kafka - type: string - username: - type: string - version: - type: string + owner: + $ref: '#/components/schemas/Cases_owner' + templates: + $ref: '#/components/schemas/Cases_templates' required: - - name - - type - - topics - - auth_type - - hosts - Fleet_output_create_request_logstash: - title: logstash + - closure_type + - connector + - owner + title: Set case configuration request + type: object + Cases_settings: + description: An object that contains the case settings. type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: + syncAlerts: + description: Turns alert syncing on or off. + example: true type: boolean - name: - type: string - proxy_id: - type: string - secrets: - type: object - properties: - ssl: - type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - type: - enum: - - logstash - type: string required: - - name - - hosts - - type - Fleet_output_create_request_remote_elasticsearch: - title: remote_elasticsearch + - syncAlerts + Cases_string: + type: string + Cases_string_array: + items: + $ref: '#/components/schemas/Cases_string' + maxItems: 100 + type: array + Cases_template_tags: + description: > + The words and phrases that help categorize templates. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_templates: + items: + type: object + properties: + caseFields: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, therefore + it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector IDs, + use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + customFields: + description: Custom field values in the template. + items: + type: object + properties: + key: + description: The unique key for the custom field. + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + value: + description: > + The default value for the custom field when a case uses + the template. If the `type` is `text`, the default value + must be a string. If the `type` is `toggle`, the default + value must be boolean. + oneOf: + - type: string + - type: boolean + type: array + x-state: Technical preview + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + description: + description: A description for the template. + type: string + key: + description: > + A unique key for the template. Must be lower case and composed + only of a-z, 0-9, '_', and '-' characters. It is used in API calls + to refer to a specific template. + type: string + name: + description: The name of the template. + type: string + tags: + $ref: '#/components/schemas/Cases_template_tags' + type: array + x-state: Technical preview + Cases_update_alert_comment_request_properties: + description: Defines properties for case comment requests when type is alert. type: object properties: - hosts: - items: - type: string - type: array + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - secrets: - type: object - properties: - service_token: - type: string - service_token: - type: string + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owner' + rule: + $ref: '#/components/schemas/Cases_rule' type: + description: The type of comment. enum: - - remote_elasticsearch + - alert + example: alert + type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd type: string required: - - name - Fleet_output_update_request: + - alertId + - id + - index + - owner + - rule + - type + - version + title: Update case comment request properties for alerts + Cases_update_case_comment_request: + description: >- + The update case comment API request body varies depending on whether you + are updating an alert or a comment. discriminator: mapping: - elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_update_request_kafka' - logstash: '#/components/schemas/Fleet_output_update_request_logstash' + alert: '#/components/schemas/Cases_update_alert_comment_request_properties' + user: '#/components/schemas/Cases_update_user_comment_request_properties' propertyName: type oneOf: - - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_update_request_kafka' - - $ref: '#/components/schemas/Fleet_output_update_request_logstash' - title: Output - Fleet_output_update_request_elasticsearch: - title: elasticsearch - type: object + - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' + title: Update case comment request + Cases_update_case_configuration_request: + description: > + You can update settings such as the closure type, custom fields, + templates, and the default connector for cases. properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. type: object properties: - certificate: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none type: string - certificate_authorities: - items: - type: string - type: array - key: + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - hosts - - type - Fleet_output_update_request_kafka: - title: kafka - type: object - properties: - auth_type: - type: string - broker_timeout: - type: number - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - client_id: - type: string - compression: - type: string - compression_level: - type: number - config: - type: object - config_yaml: - type: string - connection_type: - enum: - - plaintext - - encryption - type: string - headers: + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. items: type: object properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 type: string - value: + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 type: string - type: array - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: - type: string - name: - type: string - partition: - type: string - password: - type: string - proxy_id: - type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: + type: + description: The type of the custom field. + enum: + - text + - toggle type: string - type: array - key: - type: string - verification_mode: - enum: - - none - - full - - certificate - - strict - type: string - timeout: - type: number - topic: + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + type: array + templates: + $ref: '#/components/schemas/Cases_templates' + version: + description: > + The version of the connector. To retrieve the version value, use the + get configuration API. + example: WzIwMiwxXQ== type: string - topics: - deprecated: true - description: Use topic instead. + required: + - version + title: Update case configuration request + type: object + Cases_update_case_request: + description: >- + The update case API request body varies depending on the type of + connector. + properties: + cases: + description: An array containing one or more case objects. items: type: object properties: - topic: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: >- + #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: >- + #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields + that are not specified in the request are set to null. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key + value must exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified + in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, + it cannot be explicitly set to null. However, for cases + that existed when the required custom field was added, + the default value stored in Elasticsearch is + `undefined`. The value returned in the API and user + interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + maxLength: 30000 type: string - when: - deprecated: true + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string + The current version of the case. To determine this value, use + the get case or find cases APIs. + type: string + required: + - id + - version + maxItems: 100 + minItems: 1 type: array + required: + - cases + title: Update case request + type: object + Cases_update_user_comment_request_properties: + description: Defines properties for case comment requests when type is user. + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + example: A new comment. + maxLength: 30000 + type: string + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string + owner: + $ref: '#/components/schemas/Cases_owner' type: + description: The type of comment. enum: - - kafka - type: string - username: + - user + example: user type: string version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd type: string required: - - name - Fleet_output_update_request_logstash: - title: logstash + - comment + - id + - owner + - type + - version + title: Update case comment request properties for user comments + type: object + Cases_user_actions_find_response_properties: type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true type: string - proxy_id: + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time type: string - shipper: + created_by: type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: + email: + example: null + nullable: true type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: + full_name: + example: null + nullable: true type: string - certificate_authorities: - items: - type: string - type: array - key: + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true type: string + required: + - email + - full_name + - username + id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' type: + description: The type of action. enum: - - logstash + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case type: string - required: - - name - Fleet_package_info: - title: Package information - type: object - properties: - agent: - type: object - properties: - privileges: - type: object - properties: - root: - type: boolean - asset_tags: - items: - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - items: - type: string - type: array - categories: - items: - type: string - type: array - conditions: - type: object - properties: - elasticsearch: - type: object - properties: - subscription: - enum: - - basic - - gold - - platinum - - enterprise - type: string - kibana: - type: object - properties: - versions: - type: string - data_streams: - items: - type: object - properties: - ingeset_pipeline: - type: string - name: - type: string - package: - type: string - release: - type: string - title: - type: string - type: - type: string - vars: - items: - type: object - properties: - default: - type: string - name: - type: string - required: - - name - - default - type: array - required: - - title - - name - - release - - ingeset_pipeline - - type - - package - type: array - description: + version: + example: WzM1ODg4LDFd type: string - discovery: - type: object - properties: - fields: - items: - type: object - properties: - name: - type: string - required: - - name - type: array - download: + required: + - action + - comment_id + - created_at + - created_by + - id + - owner + - payload + - type + - version + Cases_user_actions_response_properties: + type: object + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 type: string - elasticsearch: - type: object - properties: - privileges: - type: object - properties: - cluster: - items: - type: string - type: array - format_version: + case_id: + example: 22df07d0-03b1-11ed-920c-974bfa104448 type: string - icons: - items: - type: string - type: array - internal: - type: boolean - name: + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true type: string - owner: + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: type: object properties: - github: + email: + example: null + nullable: true type: string - type: - enum: - - elastic - - partner - - community + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true type: string required: - - github - path: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owner' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + Cases_user_comment_response_properties: + title: Case response properties for user comments + type: object + properties: + comment: + example: A new comment. type: string - readme: + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time type: string - release: - deprecated: true - description: >- - release label is deprecated, derive from the version instead - (packages follow semver) - enum: - - experimental - - beta - - ga + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 type: string - screenshots: - items: - type: object - properties: - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - - path - type: array - source: - type: object - properties: - license: - enum: - - Apache-2.0 - - Elastic-2.0 - type: string - title: + owner: + $ref: '#/components/schemas/Cases_owner' + pushed_at: + example: null + format: date-time + nullable: true type: string + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' type: enum: - - integration - - input - - content + - user + example: user + type: string + updated_at: + example: null + format: date-time + nullable: true type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' version: + example: WzIwNDMxLDFd type: string required: - - name - - title - - version - - description - type - - categories - - conditions - - assets - - format_version - - download - - path - - owner - Fleet_package_policy: - allOf: - - type: object - properties: - id: - type: string - inputs: - oneOf: - - items: {} - type: array - - type: object - revision: - type: number - required: - - id - - revision - - $ref: '#/components/schemas/Fleet_new_package_policy' - title: Package policy - Fleet_package_policy_request: - title: Package Policy Request + Data_views_400_response: + title: Bad request type: object properties: - description: - description: Package policy description - example: my description - type: string - force: - description: >- - Force package policy creation even if package is not verified, or if - the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier + error: + example: Bad Request type: string - inputs: - additionalProperties: - type: object - properties: - enabled: - description: 'enable or disable that input, (default to true)' - type: boolean - streams: - additionalProperties: - type: object - properties: - enabled: - description: 'enable or disable that stream, (default to true)' - type: boolean - vars: - description: >- - Stream level variable (see integration documentation for - more information) - type: object - description: >- - Input streams (see integration documentation to know what - streams are available) - type: object - vars: - description: >- - Input level variable (see integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration documentation to know what - inputs are available) - example: - nginx-logfile: - enabled: true - streams: - nginx.access: - enabled: true - vars: - ignore_older: 72h - paths: - - /var/log/nginx/access.log* - preserve_original_event: false - tags: - - nginx-access - type: object - name: - description: Package policy name (should be unique) - example: nginx-123 + message: type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the agent - policy's namespace. - example: customnamespace + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: + enum: + - Not Found + example: Not Found type: string - output_id: - description: Output ID to send package data to - example: output-id - nullable: true + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found type: string - overrides: - description: >- - Override settings that are defined in the package policy. The - override option should be used only in unusual circumstances and not - as a routine procedure. - nullable: true + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. type: object properties: - inputs: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' type: object - package: - type: object - properties: + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string name: - description: Package name - example: nginx + description: The data view name. type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' version: - description: Package version - example: 1.6.0 type: string required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - example: agent-policy-id - nullable: true - type: string - policy_ids: - description: Agent policy IDs where that package policy will be added - example: - - agent-policy-id - items: - type: string - type: array - vars: + - title + override: + default: false description: >- - Package root level variable (see integration documentation for more - information) - type: object + Override an existing data view if a data view with the provided + title already exists. + type: boolean required: - - name - - package - Fleet_package_usage_stats: - title: Package usage stats + - data_view + Data_views_data_view_response_object: + title: Data view response properties type: object properties: - agent_policy_count: - type: integer - required: - - agent_policy_count - Fleet_proxies: - title: Fleet Proxy + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 type: string - name: + customLabel: + description: Custom label for the field. type: string - proxy_headers: + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: type: object - url: + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. type: string required: - - name - - url - Fleet_saved_object_type: - oneOf: - - enum: - - dashboard - - visualization - - search - - index_pattern - - map - - lens - - security_rule - - csp_rule_template - - ml_module - - tag - - osquery_pack_asset - - osquery_saved_query - type: string - - enum: - - index - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - - ml_model - type: string - title: Saved Object type - Fleet_search_result: - title: Search result + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request type: object properties: - description: - type: string - download: - type: string - icons: - type: string - installationInfo: - $ref: '#/components/schemas/Fleet_installation_info' - name: - type: string - path: - type: string - savedObject: - deprecated: true - type: object - status: + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. type: string - title: + fromId: + description: The saved object reference to change. type: string - type: + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. type: string - version: + toId: + description: New saved object reference value to replace the old value. type: string required: - - description - - download - - icons - - name - - path - - title - - type - - version - - status - Fleet_settings: - title: Settings + - fromId + - toId + Data_views_timefieldname: + description: The timestamp field name, which you use for time-based data views. + type: string + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: When set to `rollup`, identifies the rollup data views. + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. type: object properties: - delete_unenrolled_agents: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - fleet_server_hosts: - deprecated: true - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - prerelease_integrations_enabled: - type: boolean required: - - fleet_server_hosts - - id - Fleet_upgrade_agent: - title: Upgrade agent + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true type: object properties: - force: - description: 'Force upgrade, skipping validation (should be used with caution)' - type: boolean - skipRateLimitCheck: - description: Skip rate limit check for upgrade + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request + type: object + properties: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. type: boolean - source_uri: - type: string - version: - type: string required: - - version - Fleet_upgrade_agent_diff: - items: - items: - $ref: '#/components/schemas/Fleet_full_agent_policy_input' - type: array - title: Package policy Upgrade dryrun - type: array - Fleet_upgrade_diff: - items: - allOf: - - $ref: '#/components/schemas/Fleet_package_policy' - - allOf: - - $ref: '#/components/schemas/Fleet_new_package_policy' - - type: object - properties: - errors: - items: - type: object - properties: - key: - type: string - message: - type: string - type: array - missingVars: - items: - type: string - type: array - type: object - title: Package policy Upgrade dryrun - type: array + - data_view Kibana_HTTP_APIs_core_status_redactedResponse: additionalProperties: false description: A minimal representation of Kibana's operational status. @@ -31441,7 +48801,7 @@ components: additionalProperties: $ref: >- #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: 'If saved objects are missing for trained models, they are created.' + description: If saved objects are missing for trained models, they are created. type: object title: Sync API response for created saved objects type: object @@ -32203,13 +49563,13 @@ components: type: object properties: traceId: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: string transactionId: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: string Security_AI_Assistant_API_User: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: object properties: id: @@ -32465,12 +49825,12 @@ components: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. example: 1h - pattern: '^[1-9]\d*[smh]$' + pattern: ^[1-9]\d*[smh]$ type: string lookback: description: Lookback time for the rule example: 1h - pattern: '^[1-9]\d*[smh]$' + pattern: ^[1-9]\d*[smh]$ type: string required: - interval @@ -36046,9 +53406,9 @@ components: - no_actions - rule type: string - - description: 'Time interval in seconds, minutes, hours, or days.' + - description: Time interval in seconds, minutes, hours, or days. example: 1h - pattern: '^[1-9]\d*[smhd]$' + pattern: ^[1-9]\d*[smhd]$ type: string Security_Detections_API_RuleAuthorArray: items: @@ -36309,7 +53669,7 @@ components: discriminator: propertyName: type Security_Detections_API_RuleSignatureId: - description: 'Could be any string, not necessarily a UUID' + description: Could be any string, not necessarily a UUID type: string Security_Detections_API_RuleSource: description: >- @@ -38310,7 +55670,7 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' + description: Human readable string identifier, e.g. `trusted-linux-processes` Security_Endpoint_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItem: @@ -39370,8 +56730,6 @@ components: Security_Entity_Analytics_API_EngineDescriptor: type: object properties: - error: - type: object fieldHistoryLength: type: integer filter: @@ -39831,7 +57189,7 @@ components: type: string Security_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: 'Human readable string identifier, e.g. `trusted-linux-processes`' + description: Human readable string identifier, e.g. `trusted-linux-processes` Security_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItem: @@ -41600,7 +58958,7 @@ components: example: Not Found type: string message: - example: 'SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found' + example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found type: string statusCode: example: 404 @@ -41617,7 +58975,7 @@ components: example: Conflict type: string message: - example: 'SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists' + example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists type: string statusCode: example: 409 @@ -41724,11 +59082,11 @@ components: type: object properties: consumed: - description: 'The error budget consummed, as a percentage of the initial value.' + description: The error budget consummed, as a percentage of the initial value. example: 0.8 type: number initial: - description: 'The initial error budget, as 1 - objective' + description: The initial error budget, as 1 - objective example: 0.02 type: number isEstimated: @@ -41738,7 +59096,7 @@ components: example: true type: boolean remaining: - description: 'The error budget remaining, as a percentage of the initial value.' + description: The error budget remaining, as a percentage of the initial value. example: 0.2 type: number required: @@ -41838,7 +59196,7 @@ components: type: string index: description: The index used by APM metrics - example: 'metrics-apm*,apm*' + example: metrics-apm*,apm* type: string service: description: The APM service name @@ -41885,7 +59243,7 @@ components: type: string index: description: The index used by APM metrics - example: 'metrics-apm*,apm*' + example: metrics-apm*,apm* type: string service: description: The APM service name @@ -42019,7 +59377,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -42073,7 +59431,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -42375,7 +59733,7 @@ components: properties: frequency: default: 1m - description: 'Configure how often the transform runs, default 1m' + description: Configure how often the transform runs, default 1m example: 5m type: string preventInitialBackfill: @@ -42516,7 +59874,7 @@ components: - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' instanceId: - description: 'the value derived from the groupBy field, if present, otherwise ''*''' + description: the value derived from the groupBy field, if present, otherwise '*' example: host-abcde type: string name: @@ -42641,7 +59999,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -42664,7 +60022,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string required: - name @@ -42692,7 +60050,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: '^[A-Z]$' + pattern: ^[A-Z]$ type: string percentile: description: The percentile value. @@ -42782,13 +60140,13 @@ tags: - name: Elastic Package Manager (EPM) - name: Fleet enrollment API keys - name: Fleet internals - - name: Fleet Kubernetes - name: Fleet outputs - name: Fleet package policies - name: Fleet proxies - name: Fleet Server hosts - name: Fleet service tokens - name: Fleet uninstall tokens + - name: Message Signing Service - description: Machine learning name: ml - name: roles @@ -42843,10 +60201,10 @@ tags: other criteria are met. name: Security Exceptions API x-displayName: Security exceptions - - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' + - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. name: Security Lists API x-displayName: Security lists - - description: 'Run live queries, manage packs and saved queries.' + - description: Run live queries, manage packs and saved queries. name: Security Osquery API x-displayName: Security Osquery - description: >- @@ -42854,7 +60212,7 @@ tags: import new Timelines from an ndjson file. name: Security Timeline API x-displayName: Security timeline - - description: 'SLO APIs enable you to define, manage and track service-level objectives' + - description: SLO APIs enable you to define, manage and track service-level objectives name: slo - name: spaces - name: system diff --git a/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap b/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap index 818c0502ad774..c147a38445247 100644 --- a/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap +++ b/packages/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap @@ -44,7 +44,7 @@ Object { "paths": Object { "/foo/{id}": Object { "get": Object { - "operationId": "%2Ffoo%2F%7Bid%7D#0", + "operationId": "get-foo-id", "parameters": Array [ Object { "description": "The version of the API to use", @@ -138,7 +138,7 @@ Object { "/bar": Object { "get": Object { "deprecated": true, - "operationId": "%2Fbar#0", + "operationId": "get-bar", "parameters": Array [ Object { "description": "The version of the API to use", @@ -231,7 +231,7 @@ OK response oas-test-version-2", "/foo/{id}/{path*}": Object { "delete": Object { "description": "route description", - "operationId": "%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#2", + "operationId": "delete-foo-id-path", "parameters": Array [ Object { "description": "The version of the API to use", @@ -269,7 +269,7 @@ OK response oas-test-version-2", }, "get": Object { "description": "route description", - "operationId": "%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#0", + "operationId": "get-foo-id-path", "parameters": Array [ Object { "description": "The version of the API to use", @@ -415,7 +415,7 @@ OK response oas-test-version-2", }, "post": Object { "description": "route description", - "operationId": "%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#1", + "operationId": "post-foo-id-path", "parameters": Array [ Object { "description": "The version of the API to use", @@ -572,7 +572,7 @@ OK response oas-test-version-2", }, "/no-xsrf/{id}/{path*}": Object { "post": Object { - "operationId": "%2Fno-xsrf%2F%7Bid%7D%2F%7Bpath*%7D#1", + "operationId": "post-no-xsrf-id-path-2", "parameters": Array [ Object { "description": "The version of the API to use", @@ -724,7 +724,7 @@ Object { "paths": Object { "/recursive": Object { "get": Object { - "operationId": "%2Frecursive#0", + "operationId": "get-recursive", "parameters": Array [ Object { "description": "The version of the API to use", @@ -807,7 +807,7 @@ Object { "paths": Object { "/foo/{id}": Object { "get": Object { - "operationId": "%2Ffoo%2F%7Bid%7D#0", + "operationId": "get-foo-id", "parameters": Array [ Object { "description": "The version of the API to use", @@ -845,7 +845,7 @@ Object { }, "/test": Object { "get": Object { - "operationId": "%2Ftest#0", + "operationId": "get-test", "parameters": Array [ Object { "description": "The version of the API to use", diff --git a/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts b/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts index b3f20da38915b..f4ba66f992134 100644 --- a/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts +++ b/packages/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts @@ -35,7 +35,7 @@ export const sharedOas = { get: { deprecated: true, 'x-discontinued': 'route discontinued version or date', - operationId: '%2Fbar#0', + operationId: 'get-bar', parameters: [ { description: 'The version of the API to use', @@ -154,7 +154,7 @@ export const sharedOas = { '/foo/{id}/{path*}': { get: { description: 'route description', - operationId: '%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#0', + operationId: 'get-foo-id-path', parameters: [ { description: 'The version of the API to use', @@ -278,7 +278,7 @@ export const sharedOas = { }, post: { description: 'route description', - operationId: '%2Ffoo%2F%7Bid%7D%2F%7Bpath*%7D#1', + operationId: 'post-foo-id-path', parameters: [ { description: 'The version of the API to use', diff --git a/packages/kbn-router-to-openapispec/src/generate_oas.ts b/packages/kbn-router-to-openapispec/src/generate_oas.ts index 8bc3333193624..9c7423147721b 100644 --- a/packages/kbn-router-to-openapispec/src/generate_oas.ts +++ b/packages/kbn-router-to-openapispec/src/generate_oas.ts @@ -10,10 +10,9 @@ import type { CoreVersionedRouter, Router } from '@kbn/core-http-router-server-internal'; import type { OpenAPIV3 } from 'openapi-types'; import { OasConverter } from './oas_converter'; -import { createOperationIdCounter } from './operation_id_counter'; import { processRouter } from './process_router'; import { processVersionedRouter } from './process_versioned_router'; -import { buildGlobalTags } from './util'; +import { buildGlobalTags, createOpIdGenerator } from './util'; export const openApiVersion = '3.0.0'; @@ -40,8 +39,8 @@ export const generateOpenApiDocument = ( ): OpenAPIV3.Document => { const { filters } = opts; const converter = new OasConverter(); - const getOpId = createOperationIdCounter(); const paths: OpenAPIV3.PathsObject = {}; + const getOpId = createOpIdGenerator(); for (const router of appRouters.routers) { const result = processRouter(router, converter, getOpId, filters); Object.assign(paths, result.paths); diff --git a/packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts b/packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts deleted file mode 100644 index dbc4bf5956d69..0000000000000 --- a/packages/kbn-router-to-openapispec/src/operation_id_counter.test.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -import { createOperationIdCounter } from './operation_id_counter'; - -test('empty case', () => { - const opIdCounter = createOperationIdCounter(); - expect(opIdCounter('')).toBe('#0'); -}); - -test('other cases', () => { - const opIdCounter = createOperationIdCounter(); - const tests = [ - ['/', '%2F#0'], - ['/api/cool', '%2Fapi%2Fcool#0'], - ['/api/cool', '%2Fapi%2Fcool#1'], - ['/api/cool', '%2Fapi%2Fcool#2'], - ['/api/cool/{variable}', '%2Fapi%2Fcool%2F%7Bvariable%7D#0'], - ['/api/cool/{optionalVariable?}', '%2Fapi%2Fcool%2F%7BoptionalVariable%3F%7D#0'], - ['/api/cool/{optionalVariable?}', '%2Fapi%2Fcool%2F%7BoptionalVariable%3F%7D#1'], - ]; - - tests.forEach(([input, expected]) => { - expect(opIdCounter(input)).toBe(expected); - }); -}); diff --git a/packages/kbn-router-to-openapispec/src/operation_id_counter.ts b/packages/kbn-router-to-openapispec/src/operation_id_counter.ts deleted file mode 100644 index 2d576b1ca67c3..0000000000000 --- a/packages/kbn-router-to-openapispec/src/operation_id_counter.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -export type OperationIdCounter = (name: string) => string; - -export const createOperationIdCounter = () => { - const operationIdCounters = new Map(); - return (name: string): string => { - name = encodeURIComponent(name); - // Aliases an operationId to ensure it is unique across - // multiple method+path combinations sharing a name. - // "search" -> "search#0", "search#1", etc. - const operationIdCount = operationIdCounters.get(name) ?? 0; - const aliasedName = name + '#' + operationIdCount.toString(); - operationIdCounters.set(name, operationIdCount + 1); - return aliasedName; - }; -}; diff --git a/packages/kbn-router-to-openapispec/src/process_router.test.ts b/packages/kbn-router-to-openapispec/src/process_router.test.ts index 96a10b25d648a..17191e7ab1b1c 100644 --- a/packages/kbn-router-to-openapispec/src/process_router.test.ts +++ b/packages/kbn-router-to-openapispec/src/process_router.test.ts @@ -10,9 +10,9 @@ import { schema } from '@kbn/config-schema'; import { Router } from '@kbn/core-http-router-server-internal'; import { OasConverter } from './oas_converter'; -import { createOperationIdCounter } from './operation_id_counter'; import { extractResponses, processRouter } from './process_router'; import { type InternalRouterRoute } from './type'; +import { createOpIdGenerator } from './util'; describe('extractResponses', () => { let oasConverter: OasConverter; @@ -86,18 +86,21 @@ describe('processRouter', () => { const testRouter = { getRoutes: () => [ { + method: 'get', path: '/foo', options: { access: 'internal', deprecated: true, discontinued: 'discontinued router' }, handler: jest.fn(), validationSchemas: { request: { body: schema.object({}) } }, }, { + method: 'get', path: '/bar', options: {}, handler: jest.fn(), validationSchemas: { request: { body: schema.object({}) } }, }, { + method: 'get', path: '/baz', options: {}, handler: jest.fn(), @@ -125,20 +128,20 @@ describe('processRouter', () => { } as unknown as Router; it('only provides routes for version 2023-10-31', () => { - const result1 = processRouter(testRouter, new OasConverter(), createOperationIdCounter(), { + const result1 = processRouter(testRouter, new OasConverter(), createOpIdGenerator(), { version: '2023-10-31', }); expect(Object.keys(result1.paths!)).toHaveLength(4); - const result2 = processRouter(testRouter, new OasConverter(), createOperationIdCounter(), { + const result2 = processRouter(testRouter, new OasConverter(), createOpIdGenerator(), { version: '2024-10-31', }); expect(Object.keys(result2.paths!)).toHaveLength(0); }); it('updates description with privileges required', () => { - const result = processRouter(testRouter, new OasConverter(), createOperationIdCounter(), { + const result = processRouter(testRouter, new OasConverter(), createOpIdGenerator(), { version: '2023-10-31', }); diff --git a/packages/kbn-router-to-openapispec/src/process_router.ts b/packages/kbn-router-to-openapispec/src/process_router.ts index c66e3ee0f7bbf..f096d2bb1ca32 100644 --- a/packages/kbn-router-to-openapispec/src/process_router.ts +++ b/packages/kbn-router-to-openapispec/src/process_router.ts @@ -24,8 +24,8 @@ import { mergeResponseContent, prepareRoutes, setXState, + GetOpId, } from './util'; -import type { OperationIdCounter } from './operation_id_counter'; import type { GenerateOpenApiDocumentOptionsFilters } from './generate_oas'; import type { CustomOperationObject, InternalRouterRoute } from './type'; import { extractAuthzDescription } from './extract_authz_description'; @@ -33,7 +33,7 @@ import { extractAuthzDescription } from './extract_authz_description'; export const processRouter = ( appRouter: Router, converter: OasConverter, - getOpId: OperationIdCounter, + getOpId: GetOpId, filters?: GenerateOpenApiDocumentOptionsFilters ) => { const paths: OpenAPIV3.PathsObject = {}; @@ -89,7 +89,7 @@ export const processRouter = ( : undefined, responses: extractResponses(route, converter), parameters, - operationId: getOpId(route.path), + operationId: getOpId({ path: route.path, method: route.method }), }; setXState(route.options.availability, operation); diff --git a/packages/kbn-router-to-openapispec/src/process_versioned_router.test.ts b/packages/kbn-router-to-openapispec/src/process_versioned_router.test.ts index 3166b7f906985..c2eb872f1e225 100644 --- a/packages/kbn-router-to-openapispec/src/process_versioned_router.test.ts +++ b/packages/kbn-router-to-openapispec/src/process_versioned_router.test.ts @@ -8,18 +8,15 @@ */ import { schema } from '@kbn/config-schema'; -import type { - CoreVersionedRouter, - VersionedRouterRoute, -} from '@kbn/core-http-router-server-internal'; +import type { CoreVersionedRouter } from '@kbn/core-http-router-server-internal'; import { get } from 'lodash'; import { OasConverter } from './oas_converter'; -import { createOperationIdCounter } from './operation_id_counter'; import { processVersionedRouter, extractVersionedResponses, extractVersionedRequestBodies, } from './process_versioned_router'; +import { createOpIdGenerator } from './util'; let oasConverter: OasConverter; beforeEach(() => { @@ -127,7 +124,7 @@ describe('processVersionedRouter', () => { const baseCase = processVersionedRouter( { getRoutes: () => [createTestRoute()] } as unknown as CoreVersionedRouter, new OasConverter(), - createOperationIdCounter(), + createOpIdGenerator(), {} ); @@ -139,7 +136,7 @@ describe('processVersionedRouter', () => { const filteredCase = processVersionedRouter( { getRoutes: () => [createTestRoute()] } as unknown as CoreVersionedRouter, new OasConverter(), - createOperationIdCounter(), + createOpIdGenerator(), { version: '2023-10-31' } ); expect(Object.keys(get(filteredCase, 'paths["/foo"].get.responses.200.content')!)).toEqual([ @@ -151,7 +148,7 @@ describe('processVersionedRouter', () => { const results = processVersionedRouter( { getRoutes: () => [createTestRoute()] } as unknown as CoreVersionedRouter, new OasConverter(), - createOperationIdCounter(), + createOpIdGenerator(), {} ); expect(results.paths['/foo']).toBeDefined(); @@ -164,9 +161,10 @@ describe('processVersionedRouter', () => { }); }); -const createTestRoute: () => VersionedRouterRoute = () => ({ +const createTestRoute: () => any = () => ({ path: '/foo', method: 'get', + isVersioned: true, options: { access: 'public', deprecated: true, diff --git a/packages/kbn-router-to-openapispec/src/process_versioned_router.ts b/packages/kbn-router-to-openapispec/src/process_versioned_router.ts index c92b3a5736003..f0c45b82d1d81 100644 --- a/packages/kbn-router-to-openapispec/src/process_versioned_router.ts +++ b/packages/kbn-router-to-openapispec/src/process_versioned_router.ts @@ -19,7 +19,6 @@ import { extractAuthzDescription } from './extract_authz_description'; import type { GenerateOpenApiDocumentOptionsFilters } from './generate_oas'; import type { OasConverter } from './oas_converter'; import { isReferenceObject } from './oas_converter/common'; -import type { OperationIdCounter } from './operation_id_counter'; import { prepareRoutes, getPathParameters, @@ -31,12 +30,13 @@ import { mergeResponseContent, getXsrfHeaderForMethod, setXState, + GetOpId, } from './util'; export const processVersionedRouter = ( appRouter: CoreVersionedRouter, converter: OasConverter, - getOpId: OperationIdCounter, + getOpId: GetOpId, filters?: GenerateOpenApiDocumentOptionsFilters ) => { const routes = prepareRoutes(appRouter.getRoutes(), filters); @@ -120,7 +120,7 @@ export const processVersionedRouter = ( ? extractVersionedResponse(handler, converter, contentType) : extractVersionedResponses(route, converter, contentType), parameters, - operationId: getOpId(route.path), + operationId: getOpId({ path: route.path, method: route.method }), }; setXState(route.options.options?.availability, operation); diff --git a/packages/kbn-router-to-openapispec/src/util.test.ts b/packages/kbn-router-to-openapispec/src/util.test.ts index abbb605df79e5..f9692e57e1f50 100644 --- a/packages/kbn-router-to-openapispec/src/util.test.ts +++ b/packages/kbn-router-to-openapispec/src/util.test.ts @@ -15,6 +15,8 @@ import { mergeResponseContent, prepareRoutes, getPathParameters, + createOpIdGenerator, + GetOpId, } from './util'; import { assignToPaths, extractTags } from './util'; @@ -260,3 +262,83 @@ describe('getPathParameters', () => { expect(getPathParameters(input)).toEqual(output); }); }); + +describe('createOpIdGenerator', () => { + let getOpId: GetOpId; + beforeEach(() => { + getOpId = createOpIdGenerator(); + }); + test('empty', () => { + expect(() => getOpId({ method: '', path: '/asd' })).toThrow(/Must provide method and path/); + expect(() => getOpId({ method: 'get', path: '' })).toThrow(/Must provide method and path/); + expect(() => getOpId({ method: '', path: '' })).toThrow(/Must provide method and path/); + }); + test('disambiguate', () => { + expect(getOpId({ method: 'get', path: '/test' })).toBe('get-test'); + expect(getOpId({ method: 'get', path: '/test' })).toBe('get-test-2'); + expect(getOpId({ method: 'get', path: '/test' })).toBe('get-test-3'); + expect(getOpId({ method: 'get', path: '/test' })).toBe('get-test-4'); + }); + test.each([ + { input: { method: 'GET', path: '/api/file' }, output: 'get-file' }, + { input: { method: 'GET', path: '///api/file///' }, output: 'get-file' }, + { input: { method: 'POST', path: '/internal/api/file' }, output: 'post-file' }, + { input: { method: 'PUT', path: '/internal/file' }, output: 'put-file' }, + { input: { method: 'Put', path: 'fOO/fILe' }, output: 'put-foo-file' }, + { + input: { method: 'delete', path: '/api/my/really/cool/domain/resource' }, + output: 'delete-my-really-cool-domain-resource', + }, + { + input: { + method: 'delete', + path: '/api/my/really/cool/domain/resource', + }, + output: 'delete-my-really-cool-domain-resource', + }, + { + input: { + method: 'get', + path: '/api/my/resource/{id}', + }, + output: 'get-my-resource-id', + }, + { + input: { + method: 'get', + path: '/api/my/resource/{id}/{type?}', + }, + output: 'get-my-resource-id-type', + }, + { + input: { + method: 'get', + path: '/api/my/resource/{id?}', + }, + output: 'get-my-resource-id', + }, + { + input: { + method: 'get', + path: '/api/my/resource/{path*}', + }, + output: 'get-my-resource-path', + }, + { + input: { + method: 'get', + path: '/api/my/underscore_resource', + }, + output: 'get-my-underscore-resource', + }, + { + input: { + method: 'get', + path: '/api/my/_underscore_resource', + }, + output: 'get-my-underscore-resource', + }, + ])('$input.method $input.path -> $output', ({ input, output }) => { + expect(getOpId(input)).toBe(output); + }); +}); diff --git a/packages/kbn-router-to-openapispec/src/util.ts b/packages/kbn-router-to-openapispec/src/util.ts index beefbebc0aec7..a5718fa92120f 100644 --- a/packages/kbn-router-to-openapispec/src/util.ts +++ b/packages/kbn-router-to-openapispec/src/util.ts @@ -166,10 +166,10 @@ export const getXsrfHeaderForMethod = ( ]; }; -export function setXState( +export const setXState = ( availability: RouteConfigOptions['availability'], operation: CustomOperationObject -): void { +): void => { if (availability) { if (availability.stability === 'experimental') { operation['x-state'] = 'Technical Preview'; @@ -178,4 +178,45 @@ export function setXState( operation['x-state'] = 'Beta'; } } -} +}; + +export type GetOpId = (input: { path: string; method: string }) => string; + +/** + * Best effort to generate operation IDs from route values + */ +export const createOpIdGenerator = (): GetOpId => { + const idMap = new Map(); + return function getOpId({ path, method }) { + if (!method || !path) { + throw new Error( + `Must provide method and path, received: method: "${method}", path: "${path}"` + ); + } + + path = path + .trim() + .replace(/^[\/]+/, '') + .replace(/[\/]+$/, '') + .toLowerCase(); + + const removePrefixes = ['internal/api/', 'internal/', 'api/']; // longest to shortest + for (const prefix of removePrefixes) { + if (path.startsWith(prefix)) { + path = path.substring(prefix.length); + break; + } + } + + path = path + .replace(/[\{\}\?\*]/g, '') // remove special chars + .replace(/[\/_]/g, '-') // everything else to dashes + .replace(/[-]+/g, '-'); // single dashes + + const opId = `${method.toLowerCase()}-${path}`; + + const cachedCount = idMap.get(opId) ?? 0; + idMap.set(opId, cachedCount + 1); + return cachedCount > 0 ? `${opId}-${cachedCount + 1}` : opId; + }; +}; From 03ffef10dabca28d1351a414f4c731a5062484c9 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 31 Oct 2024 15:42:54 +0000 Subject: [PATCH 2/4] [CI] Auto-commit changed files from 'node scripts/capture_oas_snapshot --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --update --no-serverless' --- oas_docs/bundle.json | 43739 +++++------------------------------------ 1 file changed, 4771 insertions(+), 38968 deletions(-) diff --git a/oas_docs/bundle.json b/oas_docs/bundle.json index 1bf61ba293cb7..a0469257cacd2 100644 --- a/oas_docs/bundle.json +++ b/oas_docs/bundle.json @@ -344,10 +344,10 @@ }, "openapi": "3.0.0", "paths": { - "/api/actions/connector/{id}": { - "delete": { - "description": "WARNING: When you delete a connector, it cannot be recovered.", - "operationId": "delete-actions-connector-id", + "/api/actions": { + "get": { + "deprecated": true, + "operationId": "get-actions", "parameters": [ { "description": "The version of the API to use", @@ -360,39 +360,19 @@ ], "type": "string" } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } } ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Delete a connector", + "responses": {}, + "summary": "Get all connectors", "tags": [ "connectors" ] - }, - "get": { - "operationId": "get-actions-connector-id", + } + }, + "/api/actions/action": { + "post": { + "deprecated": true, + "operationId": "post-actions-action", "parameters": [ { "description": "The version of the API to use", @@ -407,15 +387,50 @@ } }, { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", "required": true, "schema": { + "example": "true", "type": "string" } } ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actionTypeId": { + "description": "The connector type identifier.", + "type": "string" + }, + "config": { + "additionalProperties": {}, + "default": {}, + "type": "object" + }, + "name": { + "description": "The display name for the connector.", + "type": "string" + }, + "secrets": { + "additionalProperties": {}, + "default": {}, + "type": "object" + } + }, + "required": [ + "name", + "actionTypeId" + ], + "type": "object" + } + } + } + }, "responses": { "200": { "content": { @@ -471,13 +486,17 @@ "description": "Indicates a successful call." } }, - "summary": "Get connector information", + "summary": "Create a connector", "tags": [ "connectors" ] - }, - "post": { - "operationId": "post-actions-connector-id", + } + }, + "/api/actions/action/{id}": { + "delete": { + "deprecated": true, + "description": "WARNING: When you delete a connector, it cannot be recovered.", + "operationId": "delete-actions-action-id", "parameters": [ { "description": "The version of the API to use", @@ -505,46 +524,48 @@ "description": "An identifier for the connector.", "in": "path", "name": "id", - "required": false, + "required": true, "schema": { "type": "string" } } ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector.", - "type": "string" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name", - "connector_type_id" - ], - "type": "object" - } - } + "responses": { + "204": { + "description": "Indicates a successful call." } }, + "summary": "Delete a connector", + "tags": [ + "connectors" + ] + }, + "get": { + "deprecated": true, + "operationId": "get-actions-action-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], "responses": { "200": { "content": { @@ -600,13 +621,14 @@ "description": "Indicates a successful call." } }, - "summary": "Create a connector", + "summary": "Get connector information", "tags": [ "connectors" ] }, "put": { - "operationId": "put-actions-connector-id", + "deprecated": true, + "operationId": "put-actions-action-id", "parameters": [ { "description": "The version of the API to use", @@ -652,7 +674,6 @@ "type": "object" }, "name": { - "description": "The display name for the connector.", "type": "string" }, "secrets": { @@ -730,10 +751,10 @@ ] } }, - "/api/actions/connector/{id}/_execute": { + "/api/actions/action/{id}/_execute": { "post": { - "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", - "operationId": "post-actions-connector-id-execute", + "deprecated": true, + "operationId": "post-actions-action-id-execute", "parameters": [ { "description": "The version of the API to use", @@ -847,67 +868,10 @@ ] } }, - "/api/actions/connector_types": { - "get": { - "description": "You do not need any Kibana feature privileges to run this API.", - "operationId": "get-actions-connector-types", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", - "in": "query", - "name": "feature_id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get connector types", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connectors": { - "get": { - "operationId": "get-actions-connectors", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get all connectors", - "tags": [ - "connectors" - ] - } - }, - "/api/alerting/rule/{id}": { + "/api/actions/connector/{id}": { "delete": { - "operationId": "delete-alerting-rule-id", + "description": "WARNING: When you delete a connector, it cannot be recovered.", + "operationId": "delete-actions-connector-id", "parameters": [ { "description": "The version of the API to use", @@ -932,7 +896,7 @@ } }, { - "description": "The identifier for the rule.", + "description": "An identifier for the connector.", "in": "path", "name": "id", "required": true, @@ -944,24 +908,15 @@ "responses": { "204": { "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." } }, - "summary": "Delete a rule", + "summary": "Delete a connector", "tags": [ - "alerting" + "connectors" ] }, "get": { - "operationId": "get-alerting-rule-id", + "operationId": "get-actions-connector-id", "parameters": [ { "description": "The version of the API to use", @@ -976,7 +931,7 @@ } }, { - "description": "The identifier for the rule.", + "description": "An identifier for the connector.", "in": "path", "name": "id", "required": true, @@ -992,33732 +947,516 @@ "schema": { "additionalProperties": false, "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], + "config": { + "additionalProperties": {}, "type": "object" }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, + "connector_type_id": { + "description": "The connector type identifier.", "type": "string" }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "id": { + "description": "The identifier for the connector.", "type": "string" }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", "type": "boolean" }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, + "name": { + "description": " The name of the rule.", "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Get rule details", - "tags": [ - "alerting" - ] - }, - "post": { - "operationId": "post-alerting-rule-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", - "in": "path", - "name": "id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "enabled": { - "default": true, - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "schedule": { - "additionalProperties": false, - "description": "The check interval, which specifies how frequently the rule conditions are checked.", - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "description": "The tags for the rule.", - "items": { - "type": "string" - }, - "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "rule_type_id", - "consumer", - "schedule" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "409": { - "description": "Indicates that the rule id is already in use." - } - }, - "summary": "Create a rule", - "tags": [ - "alerting" - ] - }, - "put": { - "operationId": "put-alerting-rule-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "schedule" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_disable": { - "post": { - "operationId": "post-alerting-rule-id-disable", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "untrack": { - "description": "Defines whether this rule's alerts should be untracked.", - "type": "boolean" - } - }, - "type": "object", - "x-oas-optional": true - } - } - } - }, - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Disable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_enable": { - "post": { - "operationId": "post-alerting-rule-id-enable", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Enable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_mute_all": { - "post": { - "operationId": "post-alerting-rule-id-mute-all", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Mute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_unmute_all": { - "post": { - "operationId": "post-alerting-rule-id-unmute-all", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Unmute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_update_api_key": { - "post": { - "operationId": "post-alerting-rule-id-update-api-key", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update the API key for a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { - "post": { - "operationId": "post-alerting-rule-rule-id-alert-alert-id-mute", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } - }, - "summary": "Mute an alert", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { - "post": { - "operationId": "post-alerting-rule-rule-id-alert-alert-id-unmute", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } - }, - "summary": "Unmute an alert", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rules/_find": { - "get": { - "operationId": "get-alerting-rules-find", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The number of rules to return per page.", - "in": "query", - "name": "per_page", - "required": false, - "schema": { - "default": 10, - "minimum": 0, - "type": "number" - } - }, - { - "description": "The page number to return.", - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "minimum": 1, - "type": "number" - } - }, - { - "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", - "in": "query", - "name": "search", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "The default operator to use for the simple_query_string.", - "in": "query", - "name": "default_search_operator", - "required": false, - "schema": { - "default": "OR", - "enum": [ - "OR", - "AND" - ], - "type": "string" - } - }, - { - "description": "The fields to perform the simple_query_string parsed query against.", - "in": "query", - "name": "search_fields", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", - "in": "query", - "name": "sort_field", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "Determines the sort order.", - "in": "query", - "name": "sort_order", - "required": false, - "schema": { - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - }, - { - "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", - "in": "query", - "name": "has_reference", - "required": false, - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "id": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type", - "id" - ], - "type": "object" - } - }, - { - "in": "query", - "name": "fields", - "required": false, - "schema": { - "items": { - "description": "The fields to return in the `attributes` key of the response.", - "type": "string" - }, - "type": "array" - } - }, - { - "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", - "in": "query", - "name": "filter", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "filter_consumers", - "required": false, - "schema": { - "items": { - "description": "List of consumers to filter.", - "type": "string" - }, - "type": "array" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - } - }, - "summary": "Get information about rules", - "tags": [ - "alerting" - ] - } - }, - "/api/fleet/agent-status": { - "get": { - "operationId": "get-fleet-agent-status-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "policyId", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "policyIds", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "deprecated": true, - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/agent_download_sources": { - "get": { - "description": "List agent binary download sources", - "operationId": "get-fleet-agent-download-sources", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - }, - "post": { - "description": "Create agent binary download source", - "operationId": "post-fleet-agent-download-sources", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "host" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - } - }, - "/api/fleet/agent_download_sources/{sourceId}": { - "delete": { - "description": "Delete agent binary download source by ID", - "operationId": "delete-fleet-agent-download-sources-sourceid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "sourceId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - }, - "get": { - "description": "Get agent binary download source by ID", - "operationId": "get-fleet-agent-download-sources-sourceid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "sourceId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - }, - "put": { - "description": "Update agent binary download source by ID", - "operationId": "put-fleet-agent-download-sources-sourceid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "sourceId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "host" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - } - }, - "/api/fleet/agent_policies": { - "get": { - "description": "List agent policies", - "operationId": "get-fleet-agent-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "sortField", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "enum": [ - "desc", - "asc" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "showUpgradeable", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "use withAgentCount instead", - "in": "query", - "name": "noAgentCount", - "required": false, - "schema": { - "deprecated": true, - "type": "boolean" - } - }, - { - "description": "get policies with agent count", - "in": "query", - "name": "withAgentCount", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "description": "get full policies with package policies populated", - "in": "query", - "name": "full", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - }, - "post": { - "description": "Create an agent policy", - "operationId": "post-fleet-agent-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "sys_monitoring", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "force": { - "type": "boolean" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_protected": { - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/_bulk_get": { - "post": { - "description": "Bulk get agent policies", - "operationId": "post-fleet-agent-policies-bulk-get", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "full": { - "description": "get full policies with package policies populated", - "type": "boolean" - }, - "ids": { - "description": "list of package policy ids", - "items": { - "type": "string" - }, - "type": "array" - }, - "ignoreMissing": { - "type": "boolean" - } - }, - "required": [ - "ids" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/delete": { - "post": { - "description": "Delete agent policy by ID", - "operationId": "post-fleet-agent-policies-delete", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agentPolicyId": { - "type": "string" - }, - "force": { - "description": "bypass validation checks that can prevent agent policy deletion", - "type": "boolean" - } - }, - "required": [ - "agentPolicyId" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/outputs": { - "post": { - "description": "Get list of outputs associated with agent policies", - "operationId": "post-fleet-agent-policies-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "ids": { - "description": "list of package policy ids", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "ids" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "agentPolicyId": { - "type": "string" - }, - "data": { - "additionalProperties": false, - "properties": { - "integrations": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "integrationPolicyName": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pkgName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "properties": { - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - } - }, - "required": [ - "monitoring", - "data" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}": { - "get": { - "description": "Get an agent policy by ID", - "operationId": "get-fleet-agent-policies-agentpolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - }, - "put": { - "description": "Update an agent policy by ID", - "operationId": "put-fleet-agent-policies-agentpolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "force": { - "type": "boolean" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_protected": { - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/copy": { - "post": { - "description": "Copy an agent policy by ID", - "operationId": "post-fleet-agent-policies-agentpolicyid-copy", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "name": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/download": { - "get": { - "description": "Download an agent policy by ID", - "operationId": "get-fleet-agent-policies-agentpolicyid-download", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "standalone", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kubernetes", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "type": "string" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/full": { - "get": { - "description": "Get a full agent policy by ID", - "operationId": "get-fleet-agent-policies-agentpolicyid-full", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "standalone", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kubernetes", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "type": "string" - }, - { - "additionalProperties": false, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "download": { - "additionalProperties": false, - "properties": { - "sourceURI": { - "type": "string" - } - }, - "required": [ - "sourceURI" - ], - "type": "object" - }, - "features": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "logs": { - "type": "boolean" - }, - "metrics": { - "type": "boolean" - }, - "namespace": { - "type": "string" - }, - "traces": { - "type": "boolean" - }, - "use_output": { - "type": "string" - } - }, - "required": [ - "enabled", - "metrics", - "logs", - "traces" - ], - "type": "object" - }, - "protection": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "signing_key": { - "type": "string" - }, - "uninstall_token_hash": { - "type": "string" - } - }, - "required": [ - "enabled", - "uninstall_token_hash", - "signing_key" - ], - "type": "object" - } - }, - "required": [ - "monitoring", - "download", - "features" - ], - "type": "object" - }, - "fleet": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "proxy_headers": {}, - "proxy_url": { - "type": "string" - }, - "ssl": { - "additionalProperties": false, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "renegotiation": { - "type": "string" - }, - "verification_mode": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "hosts", - "proxy_headers" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "kibana": { - "additionalProperties": false, - "properties": { - "hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "path": { - "type": "string" - }, - "protocol": { - "type": "string" - } - }, - "required": [ - "hosts", - "protocol" - ], - "type": "object" - } - }, - "required": [ - "kibana" - ], - "type": "object" - } - ] - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "namespace": { - "type": "string" - } - }, - "required": [ - "namespace" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "meta": { - "additionalProperties": true, - "properties": { - "package": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - } - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "package_policy_id": { - "type": "string" - }, - "processors": { - "items": { - "additionalProperties": true, - "properties": { - "add_fields": { - "additionalProperties": true, - "properties": { - "fields": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - }, - "type": "object" - }, - "target": { - "type": "string" - } - }, - "required": [ - "target", - "fields" - ], - "type": "object" - } - }, - "required": [ - "add_fields" - ], - "type": "object" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "streams": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "dataset": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset" - ], - "type": "object" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "data_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "use_output": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "revision", - "type", - "data_stream", - "use_output", - "package_policy_id" - ], - "type": "object" - }, - "type": "array" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "output_permissions": { - "additionalProperties": { - "additionalProperties": {}, - "type": "object" - }, - "type": "object" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": true, - "properties": { - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "proxy_headers": {}, - "proxy_url": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type", - "proxy_headers" - ], - "type": "object" - }, - "type": "object" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "signed": { - "additionalProperties": false, - "properties": { - "data": { - "type": "string" - }, - "signature": { - "type": "string" - } - }, - "required": [ - "data", - "signature" - ], - "type": "object" - } - }, - "required": [ - "id", - "outputs", - "inputs" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/outputs": { - "get": { - "description": "Get list of outputs associated with agent policy by policy id", - "operationId": "get-fleet-agent-policies-agentpolicyid-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agentPolicyId": { - "type": "string" - }, - "data": { - "additionalProperties": false, - "properties": { - "integrations": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "integrationPolicyName": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pkgName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "properties": { - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - } - }, - "required": [ - "monitoring", - "data" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_status": { - "get": { - "description": "Get agent status summary", - "operationId": "get-fleet-agent-status", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "policyId", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "policyIds", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "deprecated": true, - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "results": { - "additionalProperties": false, - "properties": { - "active": { - "type": "number" - }, - "all": { - "type": "number" - }, - "error": { - "type": "number" - }, - "events": { - "type": "number" - }, - "inactive": { - "type": "number" - }, - "offline": { - "type": "number" - }, - "online": { - "type": "number" - }, - "other": { - "type": "number" - }, - "total": { - "deprecated": true, - "type": "number" - }, - "unenrolled": { - "type": "number" - }, - "updating": { - "type": "number" - } - }, - "required": [ - "events", - "total", - "online", - "error", - "offline", - "other", - "updating", - "inactive", - "unenrolled", - "all", - "active" - ], - "type": "object" - } - }, - "required": [ - "results" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent status" - ] - } - }, - "/api/fleet/agent_status/data": { - "get": { - "description": "Get incoming agent data", - "operationId": "get-fleet-agent-status-data", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "agentsIds", - "required": true, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "in": "query", - "name": "previewData", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "dataPreview": { - "items": {}, - "type": "array" - }, - "items": { - "items": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "data": { - "type": "boolean" - } - }, - "required": [ - "data" - ], - "type": "object" - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items", - "dataPreview" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents": { - "get": { - "description": "List agents", - "operationId": "get-fleet-agents", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "showInactive", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "withMetrics", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "showUpgradeable", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "getStatusSummary", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "sortField", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - }, - "type": "array" - }, - "list": { - "deprecated": true, - "items": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "statusSummary": { - "additionalProperties": { - "type": "number" - }, - "type": "object" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "post": { - "description": "List agents by action ids", - "operationId": "post-fleet-agents", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionIds": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "actionIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/action_status": { - "get": { - "description": "Get agent action status", - "operationId": "get-fleet-agents-action-status", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 0, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "date", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "latest", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "errorSize", - "required": false, - "schema": { - "default": 5, - "type": "number" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - }, - "cancellationTime": { - "type": "string" - }, - "completionTime": { - "type": "string" - }, - "creationTime": { - "description": "creation time of action", - "type": "string" - }, - "expiration": { - "type": "string" - }, - "hasRolloutPeriod": { - "type": "boolean" - }, - "latestErrors": { - "items": { - "additionalProperties": false, - "description": "latest errors that happened when the agents executed the action", - "properties": { - "agentId": { - "type": "string" - }, - "error": { - "type": "string" - }, - "hostname": { - "type": "string" - }, - "timestamp": { - "type": "string" - } - }, - "required": [ - "agentId", - "error", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "nbAgentsAck": { - "description": "number of agents that acknowledged the action", - "type": "number" - }, - "nbAgentsActionCreated": { - "description": "number of agents included in action from kibana", - "type": "number" - }, - "nbAgentsActioned": { - "description": "number of agents actioned", - "type": "number" - }, - "nbAgentsFailed": { - "description": "number of agents that failed to execute the action", - "type": "number" - }, - "newPolicyId": { - "description": "new policy id (POLICY_REASSIGN action)", - "type": "string" - }, - "policyId": { - "description": "policy id (POLICY_CHANGE action)", - "type": "string" - }, - "revision": { - "description": "new policy revision (POLICY_CHANGE action)", - "type": "number" - }, - "startTime": { - "description": "start time of action (scheduled actions)", - "type": "string" - }, - "status": { - "enum": [ - "COMPLETE", - "EXPIRED", - "CANCELLED", - "FAILED", - "IN_PROGRESS", - "ROLLOUT_PASSED" - ], - "type": "string" - }, - "type": { - "enum": [ - "UPGRADE", - "UNENROLL", - "SETTINGS", - "POLICY_REASSIGN", - "CANCEL", - "FORCE_UNENROLL", - "REQUEST_DIAGNOSTICS", - "UPDATE_TAGS", - "POLICY_CHANGE", - "INPUT_ACTION" - ], - "type": "string" - }, - "version": { - "description": "agent version number (UPGRADE action)", - "type": "string" - } - }, - "required": [ - "actionId", - "nbAgentsActionCreated", - "nbAgentsAck", - "nbAgentsFailed", - "type", - "nbAgentsActioned", - "status", - "creationTime" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/actions/{actionId}/cancel": { - "post": { - "description": "Cancel agent action", - "operationId": "post-fleet-agents-actions-actionid-cancel", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "actionId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "ack_data": {}, - "agents": { - "items": { - "type": "string" - }, - "type": "array" - }, - "created_at": { - "type": "string" - }, - "data": {}, - "expiration": { - "type": "string" - }, - "id": { - "type": "string" - }, - "minimum_execution_duration": { - "type": "number" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "rollout_duration_seconds": { - "type": "number" - }, - "sent_at": { - "type": "string" - }, - "source_uri": { - "type": "string" - }, - "start_time": { - "type": "string" - }, - "total": { - "type": "number" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type", - "data", - "created_at", - "ack_data", - "agents" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/available_versions": { - "get": { - "description": "Get available agent versions", - "operationId": "get-fleet-agents-available-versions", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/bulk_reassign": { - "post": { - "description": "Bulk reassign agents", - "operationId": "post-fleet-agents-bulk-reassign", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "includeInactive": { - "default": false, - "type": "boolean" - }, - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id", - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_request_diagnostics": { - "post": { - "description": "Bulk request diagnostics from agents", - "operationId": "post-fleet-agents-bulk-request-diagnostics", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "additional_metrics": { - "items": { - "enum": [ - "CPU" - ], - "type": "string" - }, - "type": "array" - }, - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - } - }, - "required": [ - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_unenroll": { - "post": { - "description": "Bulk unenroll agents", - "operationId": "post-fleet-agents-bulk-unenroll", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "description": "KQL query string, leave empty to action all agents", - "type": "string" - }, - "type": "array" - }, - { - "description": "list of agent IDs", - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "force": { - "description": "Unenrolls hosted agents too", - "type": "boolean" - }, - "includeInactive": { - "description": "When passing agents by KQL query, unenrolls inactive agents too", - "type": "boolean" - }, - "revoke": { - "description": "Revokes API keys of agents", - "type": "boolean" - } - }, - "required": [ - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_update_agent_tags": { - "post": { - "description": "Bulk update agent tags", - "operationId": "post-fleet-agents-bulk-update-agent-tags", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "includeInactive": { - "default": false, - "type": "boolean" - }, - "tagsToAdd": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tagsToRemove": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_upgrade": { - "post": { - "description": "Bulk upgrade agents", - "operationId": "post-fleet-agents-bulk-upgrade", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "force": { - "type": "boolean" - }, - "includeInactive": { - "default": false, - "type": "boolean" - }, - "rollout_duration_seconds": { - "minimum": 600, - "type": "number" - }, - "skipRateLimitCheck": { - "type": "boolean" - }, - "source_uri": { - "type": "string" - }, - "start_time": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "agents", - "version" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/files/{fileId}": { - "delete": { - "description": "Delete file uploaded by agent", - "operationId": "delete-fleet-agents-files-fileid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "fileId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "deleted": { - "type": "boolean" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "deleted" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/files/{fileId}/{fileName}": { - "get": { - "description": "Get file uploaded by agent", - "operationId": "get-fleet-agents-files-fileid-filename", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "fileId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "fileName", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/setup": { - "get": { - "description": "Get agent setup info", - "operationId": "get-fleet-agents-setup", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.", - "properties": { - "isReady": { - "type": "boolean" - }, - "is_secrets_storage_enabled": { - "type": "boolean" - }, - "is_space_awareness_enabled": { - "type": "boolean" - }, - "missing_optional_features": { - "items": { - "enum": [ - "encrypted_saved_object_encryption_key_required" - ], - "type": "string" - }, - "type": "array" - }, - "missing_requirements": { - "items": { - "enum": [ - "security_required", - "tls_required", - "api_keys", - "fleet_admin_user", - "fleet_server" - ], - "type": "string" - }, - "type": "array" - }, - "package_verification_key_id": { - "type": "string" - } - }, - "required": [ - "isReady", - "missing_requirements", - "missing_optional_features" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "post": { - "description": "Initiate agent setup", - "operationId": "post-fleet-agents-setup", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", - "properties": { - "isInitialized": { - "type": "boolean" - }, - "nonFatalErrors": { - "items": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "isInitialized", - "nonFatalErrors" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/tags": { - "get": { - "description": "List agent tags", - "operationId": "get-fleet-agents-tags", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "showInactive", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/{agentId}": { - "delete": { - "description": "Delete agent by ID", - "operationId": "delete-fleet-agents-agentid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "enum": [ - "deleted" - ], - "type": "string" - } - }, - "required": [ - "action" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "get": { - "description": "Get agent by ID", - "operationId": "get-fleet-agents-agentid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "withMetrics", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "put": { - "description": "Update agent by ID", - "operationId": "put-fleet-agents-agentid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/{agentId}/actions": { - "post": { - "description": "Create agent action", - "operationId": "post-fleet-agents-agentid-actions", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "ack_data": {}, - "data": {}, - "type": { - "enum": [ - "UNENROLL", - "UPGRADE", - "POLICY_REASSIGN" - ], - "type": "string" - } - }, - "required": [ - "type", - "data", - "ack_data" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "data": { - "additionalProperties": false, - "properties": { - "log_level": { - "enum": [ - "debug", - "info", - "warning", - "error" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "log_level" - ], - "type": "object" - }, - "type": { - "enum": [ - "SETTINGS" - ], - "type": "string" - } - }, - "required": [ - "type", - "data" - ], - "type": "object" - } - ] - } - }, - "required": [ - "action" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "ack_data": {}, - "agents": { - "items": { - "type": "string" - }, - "type": "array" - }, - "created_at": { - "type": "string" - }, - "data": {}, - "expiration": { - "type": "string" - }, - "id": { - "type": "string" - }, - "minimum_execution_duration": { - "type": "number" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "rollout_duration_seconds": { - "type": "number" - }, - "sent_at": { - "type": "string" - }, - "source_uri": { - "type": "string" - }, - "start_time": { - "type": "string" - }, - "total": { - "type": "number" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type", - "data", - "created_at", - "ack_data", - "agents" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/reassign": { - "post": { - "description": "Reassign agent", - "operationId": "post-fleet-agents-agentid-reassign", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": {}, - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - }, - "put": { - "operationId": "put-fleet-agents-agentid-reassign", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/agents/{agentId}/request_diagnostics": { - "post": { - "description": "Request agent diagnostics", - "operationId": "post-fleet-agents-agentid-request-diagnostics", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "additional_metrics": { - "items": { - "enum": [ - "CPU" - ], - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/unenroll": { - "post": { - "description": "Unenroll agent", - "operationId": "post-fleet-agents-agentid-unenroll", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - }, - "revoke": { - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/upgrade": { - "post": { - "description": "Upgrade agent", - "operationId": "post-fleet-agents-agentid-upgrade", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "force": { - "type": "boolean" - }, - "skipRateLimitCheck": { - "type": "boolean" - }, - "source_uri": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "version" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": {}, - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/uploads": { - "get": { - "description": "List agent uploads", - "operationId": "get-fleet-agents-agentid-uploads", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - }, - "createTime": { - "type": "string" - }, - "error": { - "type": "string" - }, - "filePath": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "status": { - "enum": [ - "READY", - "AWAITING_UPLOAD", - "DELETED", - "EXPIRED", - "IN_PROGRESS", - "FAILED" - ], - "type": "string" - } - }, - "required": [ - "id", - "name", - "filePath", - "createTime", - "status", - "actionId" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/check-permissions": { - "get": { - "description": "Check permissions", - "operationId": "get-fleet-check-permissions", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "fleetServerSetup", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "error": { - "enum": [ - "MISSING_SECURITY", - "MISSING_PRIVILEGES", - "MISSING_FLEET_SERVER_SETUP_PRIVILEGES" - ], - "type": "string" - }, - "success": { - "type": "boolean" - } - }, - "required": [ - "success" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/data_streams": { - "get": { - "description": "List data streams", - "operationId": "get-fleet-data-streams", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "data_streams": { - "items": { - "additionalProperties": false, - "properties": { - "dashboards": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "id", - "title" - ], - "type": "object" - }, - "type": "array" - }, - "dataset": { - "type": "string" - }, - "index": { - "type": "string" - }, - "last_activity_ms": { - "type": "number" - }, - "namespace": { - "type": "string" - }, - "package": { - "type": "string" - }, - "package_version": { - "type": "string" - }, - "serviceDetails": { - "additionalProperties": false, - "nullable": true, - "properties": { - "environment": { - "type": "string" - }, - "serviceName": { - "type": "string" - } - }, - "required": [ - "environment", - "serviceName" - ], - "type": "object" - }, - "size_in_bytes": { - "type": "number" - }, - "size_in_bytes_formatted": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - } - ] - }, - "type": { - "type": "string" - } - }, - "required": [ - "index", - "dataset", - "namespace", - "type", - "package", - "package_version", - "last_activity_ms", - "size_in_bytes", - "size_in_bytes_formatted", - "dashboards", - "serviceDetails" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "data_streams" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Data streams" - ] - } - }, - "/api/fleet/enrollment-api-keys": { - "get": { - "operationId": "get-fleet-enrollment-api-keys-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - }, - "post": { - "operationId": "post-fleet-enrollment-api-keys-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "expiration": { - "type": "string" - }, - "name": { - "type": "string" - }, - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/enrollment-api-keys/{keyId}": { - "delete": { - "operationId": "delete-fleet-enrollment-api-keys-keyid-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - }, - "get": { - "operationId": "get-fleet-enrollment-api-keys-keyid-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/enrollment_api_keys": { - "get": { - "description": "List enrollment API keys", - "operationId": "get-fleet-enrollment-api-keys", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - }, - "type": "array" - }, - "list": { - "deprecated": true, - "items": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage", - "list" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - }, - "post": { - "description": "Create enrollment API key", - "operationId": "post-fleet-enrollment-api-keys", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "expiration": { - "type": "string" - }, - "name": { - "type": "string" - }, - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "enum": [ - "created" - ], - "type": "string" - }, - "item": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - } - }, - "required": [ - "item", - "action" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - } - }, - "/api/fleet/enrollment_api_keys/{keyId}": { - "delete": { - "description": "Revoke enrollment API key by ID by marking it as inactive", - "operationId": "delete-fleet-enrollment-api-keys-keyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "enum": [ - "deleted" - ], - "type": "string" - } - }, - "required": [ - "action" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - }, - "get": { - "description": "Get enrollment API key by ID", - "operationId": "get-fleet-enrollment-api-keys-keyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - } - }, - "/api/fleet/epm/bulk_assets": { - "post": { - "description": "Bulk get assets", - "operationId": "post-fleet-epm-bulk-assets", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "assetIds": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "assetIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "appLink": { - "type": "string" - }, - "attributes": { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "service": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "type": "object" - }, - "id": { - "type": "string" - }, - "type": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - }, - "required": [ - "id", - "type", - "attributes" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/categories": { - "get": { - "description": "List package categories", - "operationId": "get-fleet-epm-categories", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "experimental", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "include_policy_templates", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "count": { - "type": "number" - }, - "id": { - "type": "string" - }, - "parent_id": { - "type": "string" - }, - "parent_title": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "id", - "title", - "count" - ], - "type": "object" - }, - "type": "array" - }, - "response": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "count": { - "type": "number" - }, - "id": { - "type": "string" - }, - "parent_id": { - "type": "string" - }, - "parent_title": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "id", - "title", - "count" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/custom_integrations": { - "post": { - "description": "Create custom integration", - "operationId": "post-fleet-epm-custom-integrations", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "datasets": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "type": { - "enum": [ - "logs", - "metrics", - "traces", - "synthetics", - "profiling" - ], - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "force": { - "type": "boolean" - }, - "integrationName": { - "type": "string" - } - }, - "required": [ - "integrationName", - "datasets" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_meta": { - "additionalProperties": false, - "properties": { - "install_source": { - "type": "string" - } - }, - "required": [ - "install_source" - ], - "type": "object" - }, - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items", - "_meta" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/data_streams": { - "get": { - "description": "List data streams", - "operationId": "get-fleet-epm-data-streams", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "type", - "required": false, - "schema": { - "enum": [ - "logs", - "metrics", - "traces", - "synthetics", - "profiling" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "datasetQuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "default": "asc", - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "uncategorisedOnly", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Data streams" - ] - } - }, - "/api/fleet/epm/packages": { - "get": { - "description": "List packages", - "operationId": "get-fleet-epm-packages", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "category", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "experimental", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "excludeInstallStatus", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": true, - "properties": { - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "id": { - "type": "string" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "integration": { - "type": "string" - }, - "internal": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "name": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "id" - ], - "type": "object" - }, - "type": "array" - }, - "response": { - "items": { - "additionalProperties": true, - "deprecated": true, - "properties": { - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "id": { - "type": "string" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "integration": { - "type": "string" - }, - "internal": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "name": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "id" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "post": { - "description": "Install package by upload", - "operationId": "post-fleet-epm-packages", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "ignoreMappingUpdateErrors", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "skipDataStreamRollover", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { - "schema": { - "format": "binary", - "type": "string" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_meta": { - "additionalProperties": false, - "properties": { - "install_source": { - "type": "string" - } - }, - "required": [ - "install_source" - ], - "type": "object" - }, - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items", - "_meta" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/_bulk": { - "post": { - "description": "Bulk install packages", - "operationId": "post-fleet-epm-packages-bulk", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "force": { - "default": false, - "type": "boolean" - }, - "packages": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "prerelease": { - "type": "boolean" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - } - ] - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "packages" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "result": { - "additionalProperties": false, - "properties": { - "assets": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "error": {}, - "installSource": { - "type": "string" - }, - "installType": { - "type": "string" - }, - "status": { - "enum": [ - "installed", - "already_installed" - ], - "type": "string" - } - }, - "required": [ - "error", - "installType" - ], - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version", - "result" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "error": { - "anyOf": [ - { - "type": "string" - }, - {} - ] - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "name", - "statusCode", - "error" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "result": { - "additionalProperties": false, - "properties": { - "assets": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "error": {}, - "installSource": { - "type": "string" - }, - "installType": { - "type": "string" - }, - "status": { - "enum": [ - "installed", - "already_installed" - ], - "type": "string" - } - }, - "required": [ - "error", - "installType" - ], - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version", - "result" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "error": { - "anyOf": [ - { - "type": "string" - }, - {} - ] - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "name", - "statusCode", - "error" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/installed": { - "get": { - "description": "Get installed packages", - "operationId": "get-fleet-epm-packages-installed", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "dataStreamType", - "required": false, - "schema": { - "enum": [ - "logs", - "metrics", - "traces", - "synthetics", - "profiling" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "showOnlyActiveDataStreams", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "nameQuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "searchAfter", - "required": false, - "schema": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - }, - "type": "array" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 15, - "type": "number" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "default": "asc", - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "dataStreams": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "name", - "title" - ], - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version", - "status", - "dataStreams" - ], - "type": "object" - }, - "type": "array" - }, - "searchAfter": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - }, - { - "type": "boolean" - }, - { - "enum": [], - "nullable": true - }, - {} - ] - }, - "type": "array" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/limited": { - "get": { - "description": "Get limited package list", - "operationId": "get-fleet-epm-packages-limited", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/stats": { - "get": { - "description": "Get package stats", - "operationId": "get-fleet-epm-packages-pkgname-stats", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "response": { - "additionalProperties": false, - "properties": { - "agent_policy_count": { - "type": "number" - } - }, - "required": [ - "agent_policy_count" - ], - "type": "object" - } - }, - "required": [ - "response" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/{pkgVersion}": { - "delete": { - "description": "Delete package", - "operationId": "delete-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "force", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - } - }, - "required": [ - "force" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "get": { - "description": "Get package", - "operationId": "get-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "ignoreUnverified", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "full", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "withMetadata", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "has_policies": { - "type": "boolean" - } - }, - "required": [ - "has_policies" - ], - "type": "object" - }, - "response": { - "additionalProperties": true, - "deprecated": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "post": { - "description": "Install package from registry", - "operationId": "post-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "ignoreMappingUpdateErrors", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "skipDataStreamRollover", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "default": false, - "type": "boolean" - }, - "ignore_constraints": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_meta": { - "additionalProperties": false, - "properties": { - "install_source": { - "type": "string" - } - }, - "required": [ - "install_source" - ], - "type": "object" - }, - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items", - "_meta" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "put": { - "description": "Update package settings", - "operationId": "put-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "keepPoliciesUpToDate": { - "type": "boolean" - } - }, - "required": [ - "keepPoliciesUpToDate" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - }, - "response": { - "additionalProperties": true, - "deprecated": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize": { - "post": { - "description": "Authorize transforms", - "operationId": "post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "transforms": { - "items": { - "additionalProperties": false, - "properties": { - "transformId": { - "type": "string" - } - }, - "required": [ - "transformId" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "transforms" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "error": { - "nullable": true - }, - "success": { - "type": "boolean" - }, - "transformId": { - "type": "string" - } - }, - "required": [ - "transformId", - "success", - "error" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}": { - "get": { - "description": "Get package file", - "operationId": "get-fleet-epm-packages-pkgname-pkgversion-filepath", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "filePath", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": {} - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgkey}": { - "delete": { - "operationId": "delete-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - } - }, - "required": [ - "force" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - }, - "get": { - "operationId": "get-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "ignoreUnverified", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "full", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "withMetadata", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - }, - "post": { - "operationId": "post-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "ignoreMappingUpdateErrors", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "skipDataStreamRollover", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - } - }, - "required": [ - "force" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - }, - "put": { - "operationId": "put-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "keepPoliciesUpToDate": { - "type": "boolean" - } - }, - "required": [ - "keepPoliciesUpToDate" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": { - "get": { - "description": "Get inputs template", - "operationId": "get-fleet-epm-templates-pkgname-pkgversion-inputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "default": "json", - "enum": [ - "json", - "yml", - "yaml" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "ignoreUnverified", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "type": "string" - }, - { - "additionalProperties": false, - "properties": { - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "dataset": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset" - ], - "type": "object" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "data_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "inputs" - ], - "type": "object" - } - ] - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/verification_key_id": { - "get": { - "description": "Get a package signature verification key ID", - "operationId": "get-fleet-epm-verification-key-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/fleet_server_hosts": { - "get": { - "description": "List Fleet Server hosts", - "operationId": "get-fleet-fleet-server-hosts", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - }, - "post": { - "description": "Create Fleet Server host", - "operationId": "post-fleet-fleet-server-hosts", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "host_urls" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - } - }, - "/api/fleet/fleet_server_hosts/{itemId}": { - "delete": { - "description": "Delete Fleet Server host by ID", - "operationId": "delete-fleet-fleet-server-hosts-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - }, - "get": { - "description": "Get Fleet Server host by ID", - "operationId": "get-fleet-fleet-server-hosts-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - }, - "put": { - "description": "Update Fleet Server host by ID", - "operationId": "put-fleet-fleet-server-hosts-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "is_default": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "proxy_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - } - }, - "/api/fleet/health_check": { - "post": { - "description": "Check Fleet Server health", - "operationId": "post-fleet-health-check", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "deprecated": true, - "type": "string" - }, - "host_id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/kubernetes": { - "get": { - "description": "Get full K8s agent manifest", - "operationId": "get-fleet-kubernetes", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "fleetServer", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "enrolToken", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "type": "string" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/kubernetes/download": { - "get": { - "operationId": "get-fleet-kubernetes-download", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "fleetServer", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "enrolToken", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "type": "string" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/logstash_api_keys": { - "post": { - "description": "Generate Logstash API key", - "operationId": "post-fleet-logstash-api-keys", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "api_key": { - "type": "string" - } - }, - "required": [ - "api_key" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/message_signing_service/rotate_key_pair": { - "post": { - "description": "Rotate fleet message signing key pair", - "operationId": "post-fleet-message-signing-service-rotate-key-pair", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "acknowledge", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "500": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Message Signing Service" - ] - } - }, - "/api/fleet/outputs": { - "get": { - "description": "List outputs", - "operationId": "get-fleet-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - }, - "post": { - "description": "Create output", - "operationId": "post-fleet-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": false, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": false, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": false, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/outputs/{outputId}": { - "delete": { - "description": "Delete output by ID", - "operationId": "delete-fleet-outputs-outputid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - }, - "get": { - "description": "Get output by ID", - "operationId": "get-fleet-outputs-outputid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - }, - "put": { - "description": "Update output by ID", - "operationId": "put-fleet-outputs-outputid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_default_monitoring": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_default_monitoring": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_default_monitoring": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": false, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": false, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": false, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "compression_level", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/outputs/{outputId}/health": { - "get": { - "description": "Get latest output health", - "operationId": "get-fleet-outputs-outputid-health", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "description": "long message if unhealthy", - "type": "string" - }, - "state": { - "description": "state of output, HEALTHY or DEGRADED", - "type": "string" - }, - "timestamp": { - "description": "timestamp of reported state", - "type": "string" - } - }, - "required": [ - "state", - "message", - "timestamp" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/package_policies": { - "get": { - "description": "List package policies", - "operationId": "get-fleet-package-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "sortField", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "enum": [ - "desc", - "asc" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "showUpgradeable", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "withAgentCount", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - }, - "post": { - "description": "Create package policy", - "operationId": "post-fleet-package-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "description": { - "description": "Package policy description", - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "force": { - "description": "Force package policy creation even if package is not verified, or if the agent policy is managed.", - "type": "boolean" - }, - "id": { - "description": "Package policy unique identifier", - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "inputs" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "force": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "package" - ], - "type": "object" - } - ], - "description": "You should use inputs as an object and not use the deprecated inputs array." - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], + } + }, + "required": [ + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Get connector information", + "tags": [ + "connectors" + ] + }, + "post": { + "operationId": "post-actions-connector-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "default": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector.", + "type": "string" + }, + "name": { + "description": "The display name for the connector.", + "type": "string" + }, + "secrets": { + "additionalProperties": {}, + "default": {}, + "type": "object" + } + }, + "required": [ + "name", + "connector_type_id" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector.", + "type": "string" + }, + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" } }, "required": [ - "item" + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" ], "type": "object" } } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Create a connector", + "tags": [ + "connectors" + ] + }, + "put": { + "operationId": "put-actions-connector-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" } }, - "400": { + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "config": { + "additionalProperties": {}, + "default": {}, + "type": "object" + }, + "name": { + "description": "The display name for the connector.", + "type": "string" + }, + "secrets": { + "additionalProperties": {}, + "default": {}, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { "additionalProperties": false, - "description": "Generic Error", "properties": { - "error": { + "config": { + "additionalProperties": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", "type": "string" }, - "message": { + "id": { + "description": "The identifier for the connector.", "type": "string" }, - "statusCode": { - "type": "number" + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" } }, "required": [ - "message" + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" ], "type": "object" } } + }, + "description": "Indicates a successful call." + } + }, + "summary": "Update a connector", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/connector/{id}/_execute": { + "post": { + "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", + "operationId": "post-actions-connector-id-execute", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "An identifier for the connector.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "params": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "params" + ], + "type": "object" + } } - }, - "409": { + } + }, + "responses": { + "200": { "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { "additionalProperties": false, - "description": "Generic Error", "properties": { - "error": { + "config": { + "additionalProperties": {}, + "type": "object" + }, + "connector_type_id": { + "description": "The connector type identifier.", "type": "string" }, - "message": { + "id": { + "description": "The identifier for the connector.", "type": "string" }, - "statusCode": { - "type": "number" + "is_deprecated": { + "description": "Indicates whether the connector is deprecated.", + "type": "boolean" + }, + "is_missing_secrets": { + "description": "Indicates whether the connector is missing secrets.", + "type": "boolean" + }, + "is_preconfigured": { + "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", + "type": "boolean" + }, + "is_system_action": { + "description": "Indicates whether the connector is used for system actions.", + "type": "boolean" + }, + "name": { + "description": " The name of the rule.", + "type": "string" } }, "required": [ - "message" + "id", + "name", + "connector_type_id", + "is_preconfigured", + "is_deprecated", + "is_system_action" ], "type": "object" } } - } + }, + "description": "Indicates a successful call." } }, - "summary": "", + "summary": "Run a connector", "tags": [ - "Fleet package policies" + "connectors" ] } }, - "/api/fleet/package_policies/_bulk_get": { - "post": { - "description": "Bulk get package policies", - "operationId": "post-fleet-package-policies-bulk-get", + "/api/actions/connector_types": { + "get": { + "description": "You do not need any Kibana feature privileges to run this API.", + "operationId": "get-actions-connector-types", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", + "in": "query", + "name": "feature_id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get connector types", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/connectors": { + "get": { + "operationId": "get-actions-connectors", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get all connectors", + "tags": [ + "connectors" + ] + } + }, + "/api/actions/list_action_types": { + "get": { + "deprecated": true, + "operationId": "get-actions-list-action-types", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + } + ], + "responses": {}, + "summary": "Get connector types", + "tags": [ + "connectors" + ] + } + }, + "/api/alerting/rule/{id}": { + "delete": { + "operationId": "delete-alerting-rule-id", "parameters": [ { "description": "The version of the API to use", @@ -34742,2954 +1481,2210 @@ } }, { - "in": "query", - "name": "format", - "required": false, + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, "schema": { - "enum": [ - "simplified", - "legacy" - ], "type": "string" } } ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "ids": { - "description": "list of package policy ids", - "items": { - "type": "string" - }, - "type": "array" - }, - "ignoreMissing": { - "type": "boolean" - } - }, - "required": [ - "ids" - ], - "type": "object" - } - } + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, + "summary": "Delete a rule", + "tags": [ + "alerting" + ] + }, + "get": { + "operationId": "get-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], "responses": { "200": { "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" + "type": "string" + } }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } + "required": [ + "store" + ], + "type": "object" }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} + "meta": { + "additionalProperties": {}, + "type": "object" }, - "required": [ - "value" - ], - "type": "object" + "query": { + "additionalProperties": {}, + "type": "object" + } }, - "description": "Package variable (see integration documentation for more information)", + "required": [ + "meta" + ], "type": "object" - } + }, + "type": "array" }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } }, - "type": "array" + "required": [ + "kql", + "filters" + ], + "type": "object" }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } + "required": [ + "start", + "end" + ], + "type": "object" }, - "type": "object" + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" } - ] - }, - "is_managed": { - "type": "boolean" + }, + "type": "object" }, - "name": { - "description": "Package policy name (should be unique)", + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", "type": "string" }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", "type": "string" }, - "output_id": { - "nullable": true, + "id": { + "description": "The identifier for the connector saved object.", "type": "string" }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" }, - "type": "object" + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" }, - "type": "array" + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } }, - "revision": { - "type": "number" + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" }, - "secret_references": { - "items": { + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", "properties": { - "id": { - "type": "string" + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" } }, "required": [ - "id" + "success_ratio" ], "type": "object" }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" }, - "type": "array" - }, - { - "items": { - "type": "number" + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", "type": "string" }, - "isSecretRef": { - "type": "boolean" - } + "nullable": true, + "type": "array" }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/delete": { - "post": { - "description": "Bulk delete package policies", - "operationId": "post-fleet-package-policies-delete", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "force": { - "type": "boolean" - }, - "packagePolicyIds": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "packagePolicyIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "body": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { + "properties": { + "metrics": { "additionalProperties": false, "properties": { - "doc_value_only_numeric": { - "type": "boolean" + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" }, - "doc_value_only_other": { - "type": "boolean" + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" }, - "synthetic_source": { - "type": "boolean" + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" }, - "tsdb": { - "type": "boolean" + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" } }, "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" } }, "required": [ - "data_stream", - "features" + "timestamp", + "metrics" ], "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" + } }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } }, - "policy_id": { - "deprecated": true, - "description": "Use `policy_ids` instead", - "nullable": true, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", "type": "string" }, - "policy_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "statusCode": { - "type": "number" - }, - "success": { - "type": "boolean" - } - }, - "required": [ - "id", - "success", - "policy_ids", - "package" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" + "type": "array" }, - "message": { + "name": { + "description": " The name of the rule.", "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/upgrade": { - "post": { - "description": "Upgrade package policy to a newer package version", - "operationId": "post-fleet-package-policies-upgrade", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "packagePolicyIds": { - "items": { + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, "type": "string" }, - "type": "array" - } - }, - "required": [ - "packagePolicyIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "body": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - }, - "success": { - "type": "boolean" - } - }, - "required": [ - "id", - "success" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, "type": "string" }, - "message": { - "type": "string" + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/upgrade/dryrun": { - "post": { - "description": "Dry run package policy upgrade", - "operationId": "post-fleet-package-policies-upgrade-dryrun", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "packagePolicyIds": { - "items": { + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", "type": "string" }, - "type": "array" - }, - "packageVersion": { - "type": "string" - } - }, - "required": [ - "packagePolicyIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "agent_diff": { - "items": { - "items": { - "additionalProperties": true, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "namespace": { - "type": "string" - } + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" }, - "required": [ - "namespace" - ], - "type": "object" - }, - "id": { - "type": "string" + "type": "array" }, - "meta": { - "additionalProperties": true, - "properties": { - "package": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - } + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" }, - "required": [ - "package" - ], - "type": "object" + "type": "array" }, - "name": { - "type": "string" + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" }, - "package_policy_id": { - "type": "string" + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" }, - "processors": { + "bysecond": { "items": { - "additionalProperties": true, - "properties": { - "add_fields": { - "additionalProperties": true, - "properties": { - "fields": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - }, - "type": "object" - }, - "target": { - "type": "string" - } - }, - "required": [ - "target", - "fields" - ], - "type": "object" - } - }, - "required": [ - "add_fields" - ], - "type": "object" + "description": "Indicates seconds of the day to recur.", + "type": "number" }, "type": "array" }, - "revision": { - "type": "number" + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" }, - "streams": { + "byweekday": { "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "dataset": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset" - ], - "type": "object" - }, - "id": { + "anyOf": [ + { "type": "string" + }, + { + "type": "number" } - }, - "required": [ - "id", - "data_stream" ], - "type": "object" + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" }, "type": "array" }, - "type": { + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", "type": "string" }, - "use_output": { + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], "type": "string" } }, "required": [ - "id", - "name", - "revision", - "type", - "data_stream", - "use_output", - "package_policy_id" + "dtstart", + "tzid" ], "type": "object" }, - "type": "array" - }, - "type": "array" - }, - "body": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" + }, + "type": "array" } }, "required": [ - "message" + "duration", + "rRule" ], "type": "object" }, - "diff": { - "items": { - "anyOf": [ - { + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + }, + "updated_at": { + "description": "The date and time that the rule was updated most recently.", + "type": "string" + }, + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" + ], + "type": "object" + } + } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Get rule details", + "tags": [ + "alerting" + ] + }, + "post": { + "operationId": "post-alerting-rule-id", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", + "in": "path", + "name": "id", + "required": false, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", + "properties": { + "query": { "additionalProperties": false, "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", "type": "string" }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", "items": { "additionalProperties": false, "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { + "$state": { "additionalProperties": false, "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" ], - "type": "object" + "type": "string" } + }, + "required": [ + "store" ], - "nullable": true + "type": "object" }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" }, - "version": { + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", "type": "string" } }, "required": [ - "name", - "enabled", - "inputs", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" + "kql", + "filters" ], "type": "object" }, - { + "timeframe": { "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", "properties": { - "description": { - "description": "Package policy description", - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "errors": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", "items": { - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "message": { - "type": "string" - } - }, - "required": [ - "message" + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 ], - "type": "object" + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "enabled": { + "default": true, + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "schedule": { + "additionalProperties": false, + "description": "The check interval, which specifies how frequently the rule conditions are checked.", + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "description": "The tags for the rule.", + "items": { + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "rule_type_id", + "consumer", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" }, - "type": "array" - }, - "force": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { "additionalProperties": false, "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", "enum": [ - "ga", - "beta", - "experimental" + "appState", + "globalState" ], "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" } }, "required": [ - "enabled", - "data_stream", - "compiled_stream" + "store" ], "type": "object" }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], + "meta": { + "additionalProperties": {}, "type": "object" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" }, - "required": [ - "type", - "enabled", - "streams" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "missingVars": { - "items": { + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", "type": "string" - }, - "type": "array" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" + } }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" + "type": "array" }, - "type": "array" - }, - "vars": { - "additionalProperties": { + "hours": { "additionalProperties": false, "properties": { - "frozen": { - "type": "boolean" - }, - "type": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", "type": "string" }, - "value": {} + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } }, "required": [ - "value" + "start", + "end" ], "type": "object" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" }, - "required": [ - "name", - "enabled", - "inputs" - ], - "type": "object" - } - ] + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } }, - "type": "array" - }, - "hasErrors": { - "type": "boolean" + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" }, - "name": { + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", "type": "string" }, - "statusCode": { - "type": "number" - } + "type": "array" }, - "required": [ - "hasErrors" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" }, - "message": { + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/{packagePolicyId}": { - "delete": { - "description": "Delete package policy by ID", - "operationId": "delete-fleet-package-policies-packagepolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "packagePolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "force", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + }, + "created_at": { + "description": "The date and time that the rule was created.", "type": "string" }, - "message": { + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - }, - "get": { - "description": "Get package policy by ID", - "operationId": "get-fleet-package-policies-packagepolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "packagePolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Error message.", + "type": "string" + }, + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { "additionalProperties": false, + "nullable": true, "properties": { - "agents": { + "look_back_window": { + "maximum": 20, + "minimum": 2, "type": "number" }, - "created_at": { - "type": "string" + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" }, - "created_by": { + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], "type": "string" }, - "description": { - "description": "Package policy description", - "type": "string" + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" }, - "elasticsearch": { - "additionalProperties": true, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", "properties": { - "privileges": { - "additionalProperties": true, + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" } }, + "required": [ + "success_ratio" + ], "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { + }, + "history": { + "description": "History of the rule run.", "items": { "additionalProperties": false, "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" + "duration": { + "description": "Duration of the rule run.", + "type": "number" }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } }, - "type": { + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", "type": "string" }, - "value": {} + "nullable": true, + "type": "array" }, - "required": [ - "value" - ], - "type": "object" + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } }, - "description": "Package variable (see integration documentation for more information)", + "required": [ + "outcome", + "alerts_count" + ], "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" } }, "required": [ - "type", - "enabled", - "streams", - "compiled_input" + "success", + "timestamp" ], "type": "object" }, "type": "array" }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" }, - "type": "object" + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, + "required": [ + "timestamp", + "metrics" + ], "type": "object" } }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", + "type": "string" + }, + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" + }, + "id": { + "description": "Identifier of the rule snooze schedule.", + "type": "string" + }, + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" }, - "type": "object" - } + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." }, - "required": [ - "data_stream", - "features" + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 ], - "type": "object" + "type": "integer" }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], "type": "string" } }, "required": [ - "id" + "dtstart", + "tzid" ], "type": "object" }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] + "type": "array" + } }, - "version": { - "type": "string" - } + "required": [ + "duration", + "rRule" + ], + "type": "object" }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, "type": "string" }, - "message": { + "updated_at": { + "description": "The date and time that the rule was updated most recently.", "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, + "type": "string" + }, + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, "type": "string" } }, "required": [ - "message" + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" ], "type": "object" } } - } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "409": { + "description": "Indicates that the rule id is already in use." } }, - "summary": "", + "summary": "Create a rule", "tags": [ - "Fleet package policies" + "alerting" ] }, "put": { - "description": "Update package policy by ID", - "operationId": "put-fleet-package-policies-packagepolicyid", + "operationId": "put-alerting-rule-id", "parameters": [ { "description": "The version of the API to use", @@ -37714,1256 +3709,1394 @@ } }, { + "description": "The identifier for the rule.", "in": "path", - "name": "packagePolicyId", + "name": "id", "required": true, "schema": { "type": "string" } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } } ], "requestBody": { "content": { "application/json; Elastic-Api-Version=2023-10-31": { "schema": { - "anyOf": [ - { + "additionalProperties": false, + "properties": { + "actions": { + "default": [], + "items": { + "additionalProperties": false, + "description": "An action that runs under defined conditions.", + "properties": { + "alerts_filter": { + "additionalProperties": false, + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "type": "string" + }, + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" + }, + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" + }, + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } + }, + "required": [ + "active" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "name": { + "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "default": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "schedule": { "additionalProperties": false, "properties": { - "description": { - "description": "Package policy description", + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "force": { - "type": "boolean" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": { + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "tags": { + "default": [], + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" + }, + "throttle": { + "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } + }, + "required": [ + "name", + "schedule" + ], + "type": "object" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "properties": { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { "additionalProperties": false, "properties": { - "frozen": { - "type": "boolean" - }, - "type": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", "type": "string" }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { "additionalProperties": false, "properties": { - "frozen": { - "type": "boolean" + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" }, - "type": { - "type": "string" + "meta": { + "additionalProperties": {}, + "type": "object" }, - "value": {} + "query": { + "additionalProperties": {}, + "type": "object" + } }, "required": [ - "value" + "meta" ], "type": "object" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" }, - "data_stream": { + "hours": { "additionalProperties": false, "properties": { - "dataset": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", "type": "string" }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", "type": "string" } }, "required": [ - "dataset", - "type" + "start", + "end" ], "type": "object" }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" } }, "required": [ - "enabled", - "data_stream", - "compiled_stream" + "days", + "hours", + "timezone" ], "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" + } }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" ], - "type": "object" + "type": "string" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } + "summary": { + "description": "Indicates whether the action is a summary.", + "type": "boolean" }, - "required": [ - "data_stream", - "features" - ], - "type": "object" + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" + } }, - "type": "array" + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" }, - "name": { - "description": "Package name", + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", "type": "string" }, - "requires_root": { - "type": "boolean" - }, - "title": { + "id": { + "description": "The identifier for the connector saved object.", "type": "string" }, - "version": { - "description": "Package version", + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", "type": "string" } }, "required": [ - "name", - "version" + "id", + "connector_type_id", + "params" ], "type": "object" }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", "type": "string" }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" + } }, - "vars": { - "additionalProperties": { + "required": [ + "active" + ], + "type": "object" + }, + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" + }, + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, + "type": "string" + }, + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", + "type": "string" + }, + "created_at": { + "description": "The date and time that the rule was created.", + "type": "string" + }, + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, + "type": "string" + }, + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { + "additionalProperties": false, + "properties": { + "error": { "additionalProperties": false, "properties": { - "frozen": { - "type": "boolean" + "message": { + "description": "Error message.", + "type": "string" }, - "type": { + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" + }, + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" + }, + "last_execution_date": { + "description": "The date and time when rule was executed last.", + "type": "string" + }, + "status": { + "description": "Status of rule execution.", + "enum": [ + "ok", + "active", + "error", + "warning", + "pending", + "unknown" + ], + "type": "string" + }, + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", "type": "string" }, - "value": {} + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } }, "required": [ - "value" + "reason", + "message" ], "type": "object" + } + }, + "required": [ + "status", + "last_execution_date" + ], + "type": "object" + }, + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } + }, + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" + }, + "id": { + "description": "The identifier for the rule.", + "type": "string" + }, + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, + "type": "string" + }, + "last_run": { + "additionalProperties": false, + "nullable": true, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } }, - "version": { - "type": "string" - } + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "force": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "additionalProperties": { + "mapped_params": { + "additionalProperties": {}, + "type": "object" + }, + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { "additionalProperties": false, + "description": "Rule run details.", "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" }, - "streams": { - "additionalProperties": { + "history": { + "description": "History of the rule run.", + "items": { "additionalProperties": false, "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" + "duration": { + "description": "Duration of the rule run.", + "type": "number" }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" }, - "type": "array" - }, - { - "items": { + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, "type": "number" }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } }, - "description": "Input/stream level variable (see integration documentation for more information)", + "required": [ + "outcome", + "alerts_count" + ], "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" } }, + "required": [ + "success", + "timestamp" + ], "type": "object" }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" + "type": "array" }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" }, - "type": "array" - }, - { - "items": { + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, "type": "number" }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } }, - "description": "Input/stream level variable (see integration documentation for more information)", + "required": [ + "timestamp", + "metrics" + ], "type": "object" } }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object" - }, - "name": { - "type": "string" + } }, - "namespace": { + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", + "type": "boolean" + }, + "muted_alert_ids": { + "items": { + "description": "List of identifiers of muted alerts. ", "type": "string" }, - "output_id": { - "nullable": true, - "type": "string" + "type": "array" + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, + "type": "string" + }, + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", + "type": "number" + }, + "rule_type_id": { + "description": "The rule type identifier.", + "type": "string" + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } }, - "package": { + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { + "items": { "additionalProperties": false, "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" }, - "title": { + "id": { + "description": "Identifier of the rule snooze schedule.", "type": "string" }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" }, - "type": "array" - }, - { - "items": { - "type": "number" + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" }, - "isSecretRef": { - "type": "boolean" - } + "type": "array" }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "package" - ], - "type": "object" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" }, - "type": "object" + "type": "array" }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" }, - "required": [ - "data_stream", - "features" + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 ], - "type": "object" + "type": "integer" }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], "type": "string" } }, "required": [ - "id" + "dtstart", + "tzid" ], "type": "object" }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" + "skipRecurrences": { + "items": { + "description": "Skips recurrence of rule on this date.", + "type": "string" }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] + "type": "array" + } }, - "version": { - "type": "string" - } + "required": [ + "duration", + "rRule" + ], + "type": "object" + }, + "type": "array" + }, + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" + "type": "array" }, - "message": { + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "403": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + "updated_at": { + "description": "The date and time that the rule was updated most recently.", "type": "string" }, - "message": { + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, "type": "string" }, - "statusCode": { - "type": "number" + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, + "type": "string" } }, "required": [ - "message" + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" ], "type": "object" } } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." + } + }, + "summary": "Update a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_disable": { + "post": { + "operationId": "post-alerting-rule-id-disable", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; Elastic-Api-Version=2023-10-31": { + "schema": { + "additionalProperties": false, + "nullable": true, + "properties": { + "untrack": { + "description": "Defines whether this rule's alerts should be untracked.", + "type": "boolean" + } + }, + "type": "object", + "x-oas-optional": true + } + } + } + }, + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Disable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_enable": { + "post": { + "operationId": "post-alerting-rule-id-enable", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } + }, + "summary": "Enable a rule", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rule/{id}/_mute_all": { + "post": { + "operationId": "post-alerting-rule-id-mute-all", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" } } + ], + "responses": { + "204": { + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + } }, - "summary": "", + "summary": "Mute all alerts", "tags": [ - "Fleet package policies" + "alerting" ] } }, - "/api/fleet/proxies": { - "get": { - "description": "List proxies", - "operationId": "get-fleet-proxies", + "/api/alerting/rule/{id}/_unmute_all": { + "post": { + "operationId": "post-alerting-rule-id-unmute-all", "parameters": [ { "description": "The version of the API to use", @@ -38976,126 +5109,50 @@ ], "type": "string" } + }, + { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } } ], "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } + "204": { + "description": "Indicates a successful call." }, "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, - "summary": "", + "summary": "Unmute all alerts", "tags": [ - "Fleet proxies" + "alerting" ] - }, + } + }, + "/api/alerting/rule/{id}/_update_api_key": { "post": { - "description": "Create proxy", - "operationId": "post-fleet-proxies", + "operationId": "post-alerting-rule-id-update-api-key", "parameters": [ { "description": "The version of the API to use", @@ -39118,171 +5175,43 @@ "example": "true", "type": "string" } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "url", - "name" - ], - "type": "object" - } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } + "204": { + "description": "Indicates a successful call." }, "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." } }, - "summary": "", + "summary": "Update the API key for a rule", "tags": [ - "Fleet proxies" + "alerting" ] } }, - "/api/fleet/proxies/{itemId}": { - "delete": { - "description": "Delete proxy by ID", - "operationId": "delete-fleet-proxies-itemid", + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { + "post": { + "operationId": "post-alerting-rule-rule-id-alert-alert-id-mute", "parameters": [ { "description": "The version of the API to use", @@ -39307,8 +5236,18 @@ } }, { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", "in": "path", - "name": "itemId", + "name": "alert_id", "required": true, "schema": { "type": "string" @@ -39316,58 +5255,28 @@ } ], "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } + "204": { + "description": "Indicates a successful call." }, "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." } }, - "summary": "", + "summary": "Mute an alert", "tags": [ - "Fleet proxies" + "alerting" ] - }, - "get": { - "description": "Get proxy by ID", - "operationId": "get-fleet-proxies-itemid", + } + }, + "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { + "post": { + "operationId": "post-alerting-rule-rule-id-alert-alert-id-unmute", "parameters": [ { "description": "The version of the API to use", @@ -39382,8 +5291,28 @@ } }, { + "description": "A required header to protect against CSRF attacks", + "in": "header", + "name": "kbn-xsrf", + "required": true, + "schema": { + "example": "true", + "type": "string" + } + }, + { + "description": "The identifier for the rule.", + "in": "path", + "name": "rule_id", + "required": true, + "schema": { + "type": "string" + } + }, + { + "description": "The identifier for the alert.", "in": "path", - "name": "itemId", + "name": "alert_id", "required": true, "schema": { "type": "string" @@ -39391,193 +5320,184 @@ } ], "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } + "204": { + "description": "Indicates a successful call." }, "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." + } + }, + "summary": "Unmute an alert", + "tags": [ + "alerting" + ] + } + }, + "/api/alerting/rules/_find": { + "get": { + "operationId": "get-alerting-rules-find", + "parameters": [ + { + "description": "The version of the API to use", + "in": "header", + "name": "elastic-api-version", + "schema": { + "default": "2023-10-31", + "enum": [ + "2023-10-31" + ], + "type": "string" + } + }, + { + "description": "The number of rules to return per page.", + "in": "query", + "name": "per_page", + "required": false, + "schema": { + "default": 10, + "minimum": 0, + "type": "number" + } + }, + { + "description": "The page number to return.", + "in": "query", + "name": "page", + "required": false, + "schema": { + "default": 1, + "minimum": 1, + "type": "number" + } + }, + { + "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", + "in": "query", + "name": "search", + "required": false, + "schema": { + "type": "string" + } + }, + { + "description": "The default operator to use for the simple_query_string.", + "in": "query", + "name": "default_search_operator", + "required": false, + "schema": { + "default": "OR", + "enum": [ + "OR", + "AND" + ], + "type": "string" + } + }, + { + "description": "The fields to perform the simple_query_string parsed query against.", + "in": "query", + "name": "search_fields", + "required": false, + "schema": { + "anyOf": [ + { + "items": { + "type": "string" }, - "required": [ - "message" - ], - "type": "object" + "type": "array" + }, + { + "type": "string" } - } + ] + } + }, + { + "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", + "in": "query", + "name": "sort_field", + "required": false, + "schema": { + "type": "string" } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - }, - "put": { - "description": "Update proxy by ID", - "operationId": "put-fleet-proxies-itemid", - "parameters": [ + }, { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", + "description": "Determines the sort order.", + "in": "query", + "name": "sort_order", + "required": false, "schema": { - "default": "2023-10-31", "enum": [ - "2023-10-31" + "asc", + "desc" ], "type": "string" } }, { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, + "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", + "in": "query", + "name": "has_reference", + "required": false, "schema": { - "example": "true", - "type": "string" + "additionalProperties": false, + "nullable": true, + "properties": { + "id": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type", + "id" + ], + "type": "object" } }, { - "in": "path", - "name": "itemId", - "required": true, + "in": "query", + "name": "fields", + "required": false, + "schema": { + "items": { + "description": "The fields to return in the `attributes` key of the response.", + "type": "string" + }, + "type": "array" + } + }, + { + "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", + "in": "query", + "name": "filter", + "required": false, "schema": { "type": "string" } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "proxy_headers", - "certificate_authorities", - "certificate", - "certificate_key" - ], - "type": "object" - } + }, + { + "in": "query", + "name": "filter_consumers", + "required": false, + "schema": { + "items": { + "description": "List of consumers to filter.", + "type": "string" + }, + "type": "array" } } - }, + ], "responses": { "200": { "content": { @@ -39585,974 +5505,905 @@ "schema": { "additionalProperties": false, "properties": { - "item": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { + "actions": { + "items": { + "additionalProperties": false, + "properties": { + "alerts_filter": { + "additionalProperties": false, + "description": "Defines a period that limits whether the action runs.", + "properties": { + "query": { + "additionalProperties": false, + "properties": { + "dsl": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", + "type": "string" + }, + "filters": { + "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", + "items": { + "additionalProperties": false, + "properties": { + "$state": { + "additionalProperties": false, + "properties": { + "store": { + "description": "A filter can be either specific to an application context or applied globally.", + "enum": [ + "appState", + "globalState" + ], + "type": "string" + } + }, + "required": [ + "store" + ], + "type": "object" + }, + "meta": { + "additionalProperties": {}, + "type": "object" + }, + "query": { + "additionalProperties": {}, + "type": "object" + } + }, + "required": [ + "meta" + ], + "type": "object" + }, + "type": "array" + }, + "kql": { + "description": "A filter written in Kibana Query Language (KQL).", + "type": "string" + } + }, + "required": [ + "kql", + "filters" + ], + "type": "object" + }, + "timeframe": { + "additionalProperties": false, + "properties": { + "days": { + "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", + "items": { + "enum": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7 + ], + "type": "integer" + }, + "type": "array" + }, + "hours": { + "additionalProperties": false, + "properties": { + "end": { + "description": "The end of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + }, + "start": { + "description": "The start of the time frame in 24-hour notation (`hh:mm`).", + "type": "string" + } + }, + "required": [ + "start", + "end" + ], + "type": "object" + }, + "timezone": { + "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", + "type": "string" + } + }, + "required": [ + "days", + "hours", + "timezone" + ], + "type": "object" + } + }, + "type": "object" + }, + "connector_type_id": { + "description": "The type of connector. This property appears in responses but cannot be set in requests.", + "type": "string" + }, + "frequency": { + "additionalProperties": false, + "properties": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], "type": "string" }, - { + "summary": { + "description": "Indicates whether the action is a summary.", "type": "boolean" }, - { - "type": "number" + "throttle": { + "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, + "type": "string" } - ] + }, + "required": [ + "summary", + "notify_when", + "throttle" + ], + "type": "object" }, - "nullable": true, - "type": "object" + "group": { + "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", + "type": "string" + }, + "id": { + "description": "The identifier for the connector saved object.", + "type": "string" + }, + "params": { + "additionalProperties": {}, + "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", + "type": "object" + }, + "use_alert_data_for_template": { + "description": "Indicates whether to use alert data as a template.", + "type": "boolean" + }, + "uuid": { + "description": "A universally unique identifier (UUID) for the action.", + "type": "string" + } }, - "url": { - "type": "string" + "required": [ + "id", + "connector_type_id", + "params" + ], + "type": "object" + }, + "type": "array" + }, + "active_snoozes": { + "items": { + "description": "List of active snoozes for the rule.", + "type": "string" + }, + "type": "array" + }, + "alert_delay": { + "additionalProperties": false, + "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", + "properties": { + "active": { + "description": "The number of consecutive runs that must meet the rule conditions.", + "type": "number" } }, "required": [ - "id", - "url", - "name" + "active" ], "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" }, - "message": { - "type": "string" + "api_key_created_by_user": { + "description": "Indicates whether the API key that is associated with the rule was created by the user.", + "nullable": true, + "type": "boolean" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - } - }, - "/api/fleet/service-tokens": { - "post": { - "description": "Create a service token", - "operationId": "post-fleet-service-tokens-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/service_tokens": { - "post": { - "description": "Create a service token", - "operationId": "post-fleet-service-tokens", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "remote": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "name": { + "api_key_owner": { + "description": "The owner of the API key that is associated with the rule and used to run background tasks.", + "nullable": true, "type": "string" }, - "value": { + "consumer": { + "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + }, + "created_at": { + "description": "The date and time that the rule was created.", "type": "string" }, - "message": { + "created_by": { + "description": "The identifier for the user that created the rule.", + "nullable": true, "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet service tokens" - ] - } - }, - "/api/fleet/settings": { - "get": { - "description": "Get settings", - "operationId": "get-fleet-settings", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { + "enabled": { + "description": "Indicates whether you want to run the rule on an interval basis after it is created.", + "type": "boolean" + }, + "execution_status": { "additionalProperties": false, "properties": { - "delete_unenrolled_agents": { + "error": { "additionalProperties": false, "properties": { - "enabled": { - "type": "boolean" + "message": { + "description": "Error message.", + "type": "string" }, - "is_preconfigured": { - "type": "boolean" + "reason": { + "description": "Reason for error.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate" + ], + "type": "string" } }, "required": [ - "enabled", - "is_preconfigured" + "reason", + "message" ], "type": "object" }, - "fleet_server_hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "has_seen_add_data_notice": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "output_secret_storage_requirements_met": { - "type": "boolean" - }, - "preconfigured_fields": { - "items": { - "enum": [ - "fleet_server_hosts" - ], - "type": "string" - }, - "type": "array" - }, - "prerelease_integrations_enabled": { - "type": "boolean" - }, - "secret_storage_requirements_met": { - "type": "boolean" + "last_duration": { + "description": "Duration of last execution of the rule.", + "type": "number" }, - "use_space_awareness_migration_started_at": { + "last_execution_date": { + "description": "The date and time when rule was executed last.", "type": "string" }, - "use_space_awareness_migration_status": { + "status": { + "description": "Status of rule execution.", "enum": [ + "ok", + "active", + "error", + "warning", "pending", - "success", - "error" + "unknown" ], "type": "string" }, - "version": { - "type": "string" + "warning": { + "additionalProperties": false, + "properties": { + "message": { + "description": "Warning message.", + "type": "string" + }, + "reason": { + "description": "Reason for warning.", + "enum": [ + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "type": "string" + } + }, + "required": [ + "reason", + "message" + ], + "type": "object" } }, "required": [ - "id" + "status", + "last_execution_date" ], "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - }, - "put": { - "description": "Update settings", - "operationId": "put-fleet-settings", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "additional_yaml_config": { - "type": "string" - }, - "delete_unenrolled_agents": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" + "flapping": { + "additionalProperties": false, + "nullable": true, + "properties": { + "look_back_window": { + "maximum": 20, + "minimum": 2, + "type": "number" + }, + "status_change_threshold": { + "maximum": 20, + "minimum": 2, + "type": "number" + } }, - "is_preconfigured": { - "type": "boolean" - } + "required": [ + "look_back_window", + "status_change_threshold" + ], + "type": "object" }, - "required": [ - "enabled", - "is_preconfigured" - ], - "type": "object" - }, - "fleet_server_hosts": { - "items": { - "format": "uri", + "id": { + "description": "The identifier for the rule.", "type": "string" }, - "type": "array" - }, - "has_seen_add_data_notice": { - "type": "boolean" - }, - "kibana_ca_sha256": { - "type": "string" - }, - "kibana_urls": { - "items": { - "format": "uri", + "is_snoozed_until": { + "description": "The date when the rule will no longer be snoozed.", + "nullable": true, "type": "string" }, - "type": "array" - }, - "prerelease_integrations_enabled": { - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { + "last_run": { "additionalProperties": false, + "nullable": true, "properties": { - "delete_unenrolled_agents": { + "alerts_count": { "additionalProperties": false, "properties": { - "enabled": { - "type": "boolean" + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" }, - "is_preconfigured": { - "type": "boolean" - } - }, - "required": [ - "enabled", - "is_preconfigured" - ], - "type": "object" - }, - "fleet_server_hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "has_seen_add_data_notice": { - "type": "boolean" + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" }, - "id": { + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], "type": "string" }, - "output_secret_storage_requirements_met": { - "type": "boolean" - }, - "preconfigured_fields": { + "outcome_msg": { "items": { - "enum": [ - "fleet_server_hosts" - ], + "description": "Outcome message generated during last rule run.", "type": "string" }, + "nullable": true, "type": "array" }, - "prerelease_integrations_enabled": { - "type": "boolean" - }, - "secret_storage_requirements_met": { - "type": "boolean" - }, - "use_space_awareness_migration_started_at": { - "type": "string" + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" }, - "use_space_awareness_migration_status": { + "warning": { + "description": "Warning of last rule execution.", "enum": [ - "pending", - "success", - "error" + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" ], - "type": "string" - }, - "version": { + "nullable": true, "type": "string" } }, "required": [ - "id" + "outcome", + "alerts_count" ], "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" }, - "message": { - "type": "string" + "mapped_params": { + "additionalProperties": {}, + "type": "object" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/setup": { - "post": { - "description": "Initiate Fleet setup", - "operationId": "post-fleet-setup", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", - "properties": { - "isInitialized": { + "monitoring": { + "additionalProperties": false, + "description": "Monitoring details of the rule.", + "properties": { + "run": { + "additionalProperties": false, + "description": "Rule run details.", + "properties": { + "calculated_metrics": { + "additionalProperties": false, + "description": "Calculation of different percentiles and success ratio.", + "properties": { + "p50": { + "type": "number" + }, + "p95": { + "type": "number" + }, + "p99": { + "type": "number" + }, + "success_ratio": { + "type": "number" + } + }, + "required": [ + "success_ratio" + ], + "type": "object" + }, + "history": { + "description": "History of the rule run.", + "items": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of the rule run.", + "type": "number" + }, + "outcome": { + "additionalProperties": false, + "properties": { + "alerts_count": { + "additionalProperties": false, + "properties": { + "active": { + "description": "Number of active alerts during last run.", + "nullable": true, + "type": "number" + }, + "ignored": { + "description": "Number of ignored alerts during last run.", + "nullable": true, + "type": "number" + }, + "new": { + "description": "Number of new alerts during last run.", + "nullable": true, + "type": "number" + }, + "recovered": { + "description": "Number of recovered alerts during last run.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "outcome": { + "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", + "enum": [ + "succeeded", + "warning", + "failed" + ], + "type": "string" + }, + "outcome_msg": { + "items": { + "description": "Outcome message generated during last rule run.", + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "outcome_order": { + "description": "Order of the outcome.", + "type": "number" + }, + "warning": { + "description": "Warning of last rule execution.", + "enum": [ + "read", + "decrypt", + "execute", + "unknown", + "license", + "timeout", + "disabled", + "validate", + "maxExecutableActions", + "maxAlerts", + "maxQueuedActions", + "ruleExecution" + ], + "nullable": true, + "type": "string" + } + }, + "required": [ + "outcome", + "alerts_count" + ], + "type": "object" + }, + "success": { + "description": "Indicates whether the rule run was successful.", + "type": "boolean" + }, + "timestamp": { + "description": "Time of rule run.", + "type": "number" + } + }, + "required": [ + "success", + "timestamp" + ], + "type": "object" + }, + "type": "array" + }, + "last_run": { + "additionalProperties": false, + "properties": { + "metrics": { + "additionalProperties": false, + "properties": { + "duration": { + "description": "Duration of most recent rule run.", + "type": "number" + }, + "gap_duration_s": { + "description": "Duration in seconds of rule run gap.", + "nullable": true, + "type": "number" + }, + "total_alerts_created": { + "description": "Total number of alerts created during last rule run.", + "nullable": true, + "type": "number" + }, + "total_alerts_detected": { + "description": "Total number of alerts detected during last rule run.", + "nullable": true, + "type": "number" + }, + "total_indexing_duration_ms": { + "description": "Total time spent indexing documents during last rule run in milliseconds.", + "nullable": true, + "type": "number" + }, + "total_search_duration_ms": { + "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", + "nullable": true, + "type": "number" + } + }, + "type": "object" + }, + "timestamp": { + "description": "Time of the most recent rule run.", + "type": "string" + } + }, + "required": [ + "timestamp", + "metrics" + ], + "type": "object" + } + }, + "required": [ + "history", + "calculated_metrics", + "last_run" + ], + "type": "object" + } + }, + "required": [ + "run" + ], + "type": "object" + }, + "mute_all": { + "description": "Indicates whether all alerts are muted.", "type": "boolean" }, - "nonFatalErrors": { + "muted_alert_ids": { "items": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" + "description": "List of identifiers of muted alerts. ", + "type": "string" }, "type": "array" - } - }, - "required": [ - "isInitialized", - "nonFatalErrors" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + }, + "name": { + "description": " The name of the rule.", + "type": "string" + }, + "next_run": { + "description": "Date and time of the next run of the rule.", + "nullable": true, "type": "string" }, - "message": { + "notify_when": { + "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "enum": [ + "onActionGroupChange", + "onActiveAlert", + "onThrottleInterval" + ], + "nullable": true, "type": "string" }, - "statusCode": { + "params": { + "additionalProperties": {}, + "description": "The parameters for the rule.", + "type": "object" + }, + "revision": { + "description": "The rule revision number.", "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "500": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Internal Server Error", - "properties": { - "message": { + }, + "rule_type_id": { + "description": "The rule type identifier.", "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/uninstall_tokens": { - "get": { - "description": "List metadata for latest uninstall tokens per agent policy", - "operationId": "get-fleet-uninstall-tokens", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "Partial match filtering for policy IDs", - "in": "query", - "name": "policyId", - "required": false, - "schema": { - "maxLength": 50, - "type": "string" - } - }, - { - "in": "query", - "name": "search", - "required": false, - "schema": { - "maxLength": 50, - "type": "string" - } - }, - { - "description": "The number of items to return", - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "minimum": 5, - "type": "number" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "minimum": 1, - "type": "number" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { + }, + "running": { + "description": "Indicates whether the rule is running.", + "nullable": true, + "type": "boolean" + }, + "schedule": { + "additionalProperties": false, + "properties": { + "interval": { + "description": "The interval is specified in seconds, minutes, hours, or days.", + "type": "string" + } + }, + "required": [ + "interval" + ], + "type": "object" + }, + "scheduled_task_id": { + "description": "Identifier of the scheduled task.", + "type": "string" + }, + "snooze_schedule": { "items": { "additionalProperties": false, "properties": { - "created_at": { - "type": "string" + "duration": { + "description": "Duration of the rule snooze schedule.", + "type": "number" }, "id": { + "description": "Identifier of the rule snooze schedule.", "type": "string" }, - "namespaces": { + "rRule": { + "additionalProperties": false, + "properties": { + "byhour": { + "items": { + "description": "Indicates hours of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "byminute": { + "items": { + "description": "Indicates minutes of the hour to recur.", + "type": "number" + }, + "type": "array" + }, + "bymonth": { + "items": { + "description": "Indicates months of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "bymonthday": { + "items": { + "description": "Indicates the days of the month to recur.", + "type": "number" + }, + "type": "array" + }, + "bysecond": { + "items": { + "description": "Indicates seconds of the day to recur.", + "type": "number" + }, + "type": "array" + }, + "bysetpos": { + "items": { + "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", + "type": "number" + }, + "type": "array" + }, + "byweekday": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." + }, + "type": "array" + }, + "byweekno": { + "items": { + "description": "Indicates number of the week hours to recur.", + "type": "number" + }, + "type": "array" + }, + "byyearday": { + "items": { + "description": "Indicates the days of the year that this rule should recur.", + "type": "number" + }, + "type": "array" + }, + "count": { + "description": "Number of times the rule should recur until it stops.", + "type": "number" + }, + "dtstart": { + "description": "Rule start date in Coordinated Universal Time (UTC).", + "type": "string" + }, + "freq": { + "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", + "enum": [ + 0, + 1, + 2, + 3, + 4, + 5, + 6 + ], + "type": "integer" + }, + "interval": { + "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", + "type": "number" + }, + "tzid": { + "description": "Indicates timezone abbreviation.", + "type": "string" + }, + "until": { + "description": "Recur the rule until this date.", + "type": "string" + }, + "wkst": { + "description": "Indicates the start of week, defaults to Monday.", + "enum": [ + "MO", + "TU", + "WE", + "TH", + "FR", + "SA", + "SU" + ], + "type": "string" + } + }, + "required": [ + "dtstart", + "tzid" + ], + "type": "object" + }, + "skipRecurrences": { "items": { + "description": "Skips recurrence of rule on this date.", "type": "string" }, "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_name": { - "nullable": true, - "type": "string" } }, "required": [ - "id", - "policy_id", - "created_at" + "duration", + "rRule" ], "type": "object" }, "type": "array" }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" + "tags": { + "items": { + "description": "The tags for the rule.", + "type": "string" + }, + "type": "array" }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + "throttle": { + "deprecated": true, + "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", + "nullable": true, "type": "string" }, - "message": { + "updated_at": { + "description": "The date and time that the rule was updated most recently.", "type": "string" }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet uninstall tokens" - ] - } - }, - "/api/fleet/uninstall_tokens/{uninstallTokenId}": { - "get": { - "description": "Get one decrypted uninstall token by its ID", - "operationId": "get-fleet-uninstall-tokens-uninstalltokenid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "uninstallTokenId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_name": { - "nullable": true, - "type": "string" - }, - "token": { - "type": "string" - } - }, - "required": [ - "id", - "policy_id", - "created_at", - "token" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { + "updated_by": { + "description": "The identifier for the user that updated this rule most recently.", + "nullable": true, "type": "string" }, - "message": { + "view_in_app_relative_url": { + "description": "Relative URL to view rule in the app.", + "nullable": true, "type": "string" - }, - "statusCode": { - "type": "number" } }, "required": [ - "message" + "id", + "enabled", + "name", + "tags", + "rule_type_id", + "consumer", + "schedule", + "actions", + "params", + "created_by", + "updated_by", + "created_at", + "updated_at", + "api_key_owner", + "mute_all", + "muted_alert_ids", + "execution_status", + "revision" ], "type": "object" } } - } + }, + "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." } }, - "summary": "", + "summary": "Get information about rules", "tags": [ - "Fleet uninstall tokens" + "alerting" ] } }, @@ -42234,54 +8085,6 @@ { "name": "connectors" }, - { - "name": "Data streams" - }, - { - "name": "Elastic Agent actions" - }, - { - "name": "Elastic Agent binary download sources" - }, - { - "name": "Elastic Agent policies" - }, - { - "name": "Elastic Agent status" - }, - { - "name": "Elastic Agents" - }, - { - "name": "Elastic Package Manager (EPM)" - }, - { - "name": "Fleet enrollment API keys" - }, - { - "name": "Fleet internals" - }, - { - "name": "Fleet outputs" - }, - { - "name": "Fleet package policies" - }, - { - "name": "Fleet proxies" - }, - { - "name": "Fleet Server hosts" - }, - { - "name": "Fleet service tokens" - }, - { - "name": "Fleet uninstall tokens" - }, - { - "name": "Message Signing Service" - }, { "name": "roles" }, From 948d02f550054cbe7b67aa13f66cae5fe7efd894 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 31 Oct 2024 14:37:37 -0700 Subject: [PATCH 3/4] Remove serverless files --- oas_docs/bundle.serverless.json | 41826 -------------------- oas_docs/output/kibana.serverless.yaml | 47167 ++++++----------------- 2 files changed, 11646 insertions(+), 77347 deletions(-) delete mode 100644 oas_docs/bundle.serverless.json diff --git a/oas_docs/bundle.serverless.json b/oas_docs/bundle.serverless.json deleted file mode 100644 index fedad1196676d..0000000000000 --- a/oas_docs/bundle.serverless.json +++ /dev/null @@ -1,41826 +0,0 @@ -{ - "components": { - "schemas": { - "core_status_redactedResponse": { - "additionalProperties": false, - "description": "A minimal representation of Kibana's operational status.", - "properties": { - "status": { - "additionalProperties": false, - "properties": { - "overall": { - "additionalProperties": false, - "properties": { - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - } - }, - "required": [ - "level" - ], - "type": "object" - } - }, - "required": [ - "overall" - ], - "type": "object" - } - }, - "required": [ - "status" - ], - "type": "object" - }, - "core_status_response": { - "additionalProperties": false, - "description": "Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request.", - "properties": { - "metrics": { - "additionalProperties": false, - "description": "Metric groups collected by Kibana.", - "properties": { - "collection_interval_in_millis": { - "description": "The interval at which metrics should be collected.", - "type": "number" - }, - "elasticsearch_client": { - "additionalProperties": false, - "description": "Current network metrics of Kibana's Elasticsearch client.", - "properties": { - "totalActiveSockets": { - "description": "Count of network sockets currently in use.", - "type": "number" - }, - "totalIdleSockets": { - "description": "Count of network sockets currently idle.", - "type": "number" - }, - "totalQueuedRequests": { - "description": "Count of requests not yet assigned to sockets.", - "type": "number" - } - }, - "required": [ - "totalActiveSockets", - "totalIdleSockets", - "totalQueuedRequests" - ], - "type": "object" - }, - "last_updated": { - "description": "The time metrics were collected.", - "type": "string" - } - }, - "required": [ - "elasticsearch_client", - "last_updated", - "collection_interval_in_millis" - ], - "type": "object" - }, - "name": { - "description": "Kibana instance name.", - "type": "string" - }, - "status": { - "additionalProperties": false, - "properties": { - "core": { - "additionalProperties": false, - "description": "Statuses of core Kibana services.", - "properties": { - "elasticsearch": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - }, - "savedObjects": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - } - }, - "required": [ - "elasticsearch", - "savedObjects" - ], - "type": "object" - }, - "overall": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - }, - "plugins": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "detail": { - "description": "Human readable detail of the service status.", - "type": "string" - }, - "documentationUrl": { - "description": "A URL to further documentation regarding this service.", - "type": "string" - }, - "level": { - "description": "Service status levels as human and machine readable values.", - "enum": [ - "available", - "degraded", - "unavailable", - "critical" - ], - "type": "string" - }, - "meta": { - "additionalProperties": {}, - "description": "An unstructured set of extra metadata about this service.", - "type": "object" - }, - "summary": { - "description": "A human readable summary of the service status.", - "type": "string" - } - }, - "required": [ - "level", - "summary", - "meta" - ], - "type": "object" - }, - "description": "A dynamic mapping of plugin ID to plugin status.", - "type": "object" - } - }, - "required": [ - "overall", - "core", - "plugins" - ], - "type": "object" - }, - "uuid": { - "description": "Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts.", - "type": "string" - }, - "version": { - "additionalProperties": false, - "properties": { - "build_date": { - "description": "The date and time of this build.", - "type": "string" - }, - "build_flavor": { - "description": "The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the \"traditional\" flavour, while other flavours are reserved for Elastic-specific use cases.", - "enum": [ - "serverless", - "traditional" - ], - "type": "string" - }, - "build_hash": { - "description": "A unique hash value representing the git commit of this Kibana build.", - "type": "string" - }, - "build_number": { - "description": "A monotonically increasing number, each subsequent build will have a higher number.", - "type": "number" - }, - "build_snapshot": { - "description": "Whether this build is a snapshot build.", - "type": "boolean" - }, - "number": { - "description": "A semantic version number.", - "type": "string" - } - }, - "required": [ - "number", - "build_hash", - "build_number", - "build_snapshot", - "build_flavor", - "build_date" - ], - "type": "object" - } - }, - "required": [ - "name", - "uuid", - "version", - "status", - "metrics" - ], - "type": "object" - } - }, - "securitySchemes": { - "apiKeyAuth": { - "in": "header", - "name": "Authorization", - "type": "apiKey" - }, - "basicAuth": { - "scheme": "basic", - "type": "http" - } - } - }, - "info": { - "title": "Kibana HTTP APIs", - "version": "0.0.0" - }, - "openapi": "3.0.0", - "paths": { - "/api/actions/connector/{id}": { - "delete": { - "description": "WARNING: When you delete a connector, it cannot be recovered.", - "operationId": "delete-actions-connector-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Delete a connector", - "tags": [ - "connectors" - ] - }, - "get": { - "operationId": "get-actions-connector-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Get connector information", - "tags": [ - "connectors" - ] - }, - "post": { - "operationId": "post-actions-connector-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector.", - "type": "string" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name", - "connector_type_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Create a connector", - "tags": [ - "connectors" - ] - }, - "put": { - "operationId": "put-actions-connector-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "default": {}, - "type": "object" - }, - "name": { - "description": "The display name for the connector.", - "type": "string" - }, - "secrets": { - "additionalProperties": {}, - "default": {}, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Update a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector/{id}/_execute": { - "post": { - "description": "You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.", - "operationId": "post-actions-connector-id-execute", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "An identifier for the connector.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "params": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "params" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": {}, - "type": "object" - }, - "connector_type_id": { - "description": "The connector type identifier.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector.", - "type": "string" - }, - "is_deprecated": { - "description": "Indicates whether the connector is deprecated.", - "type": "boolean" - }, - "is_missing_secrets": { - "description": "Indicates whether the connector is missing secrets.", - "type": "boolean" - }, - "is_preconfigured": { - "description": "Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ", - "type": "boolean" - }, - "is_system_action": { - "description": "Indicates whether the connector is used for system actions.", - "type": "boolean" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - } - }, - "required": [ - "id", - "name", - "connector_type_id", - "is_preconfigured", - "is_deprecated", - "is_system_action" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - } - }, - "summary": "Run a connector", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connector_types": { - "get": { - "description": "You do not need any Kibana feature privileges to run this API.", - "operationId": "get-actions-connector-types", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).", - "in": "query", - "name": "feature_id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get connector types", - "tags": [ - "connectors" - ] - } - }, - "/api/actions/connectors": { - "get": { - "operationId": "get-actions-connectors", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": {}, - "summary": "Get all connectors", - "tags": [ - "connectors" - ] - } - }, - "/api/alerting/rule/{id}": { - "delete": { - "operationId": "delete-alerting-rule-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Delete a rule", - "tags": [ - "alerting" - ] - }, - "get": { - "operationId": "get-alerting-rule-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Get rule details", - "tags": [ - "alerting" - ] - }, - "post": { - "operationId": "post-alerting-rule-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule. If it is omitted, an ID is randomly generated.", - "in": "path", - "name": "id", - "required": false, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "enabled": { - "default": true, - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "schedule": { - "additionalProperties": false, - "description": "The check interval, which specifies how frequently the rule conditions are checked.", - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "description": "The tags for the rule.", - "items": { - "type": "string" - }, - "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "rule_type_id", - "consumer", - "schedule" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "409": { - "description": "Indicates that the rule id is already in use." - } - }, - "summary": "Create a rule", - "tags": [ - "alerting" - ] - }, - "put": { - "operationId": "put-alerting-rule-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "default": [], - "items": { - "additionalProperties": false, - "description": "An action that runs under defined conditions.", - "properties": { - "alerts_filter": { - "additionalProperties": false, - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "description": "Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.", - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "name": { - "description": "The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.", - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "default": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "tags": { - "default": [], - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "description": "Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "schedule" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_disable": { - "post": { - "operationId": "post-alerting-rule-id-disable", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "untrack": { - "description": "Defines whether this rule's alerts should be untracked.", - "type": "boolean" - } - }, - "type": "object", - "x-oas-optional": true - } - } - } - }, - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Disable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_enable": { - "post": { - "operationId": "post-alerting-rule-id-enable", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Enable a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_mute_all": { - "post": { - "operationId": "post-alerting-rule-id-mute-all", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Mute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_unmute_all": { - "post": { - "operationId": "post-alerting-rule-id-unmute-all", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - } - }, - "summary": "Unmute all alerts", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{id}/_update_api_key": { - "post": { - "operationId": "post-alerting-rule-id-update-api-key", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule with the given ID does not exist." - }, - "409": { - "description": "Indicates that the rule has already been updated by another user." - } - }, - "summary": "Update the API key for a rule", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute": { - "post": { - "operationId": "post-alerting-rule-rule-id-alert-alert-id-mute", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } - }, - "summary": "Mute an alert", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute": { - "post": { - "operationId": "post-alerting-rule-rule-id-alert-alert-id-unmute", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The identifier for the rule.", - "in": "path", - "name": "rule_id", - "required": true, - "schema": { - "type": "string" - } - }, - { - "description": "The identifier for the alert.", - "in": "path", - "name": "alert_id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - }, - "404": { - "description": "Indicates a rule or alert with the given ID does not exist." - } - }, - "summary": "Unmute an alert", - "tags": [ - "alerting" - ] - } - }, - "/api/alerting/rules/_find": { - "get": { - "operationId": "get-alerting-rules-find", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The number of rules to return per page.", - "in": "query", - "name": "per_page", - "required": false, - "schema": { - "default": 10, - "minimum": 0, - "type": "number" - } - }, - { - "description": "The page number to return.", - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "minimum": 1, - "type": "number" - } - }, - { - "description": "An Elasticsearch simple_query_string query that filters the objects in the response.", - "in": "query", - "name": "search", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "The default operator to use for the simple_query_string.", - "in": "query", - "name": "default_search_operator", - "required": false, - "schema": { - "default": "OR", - "enum": [ - "OR", - "AND" - ], - "type": "string" - } - }, - { - "description": "The fields to perform the simple_query_string parsed query against.", - "in": "query", - "name": "search_fields", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "description": "Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.", - "in": "query", - "name": "sort_field", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "Determines the sort order.", - "in": "query", - "name": "sort_order", - "required": false, - "schema": { - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - }, - { - "description": "Filters the rules that have a relation with the reference objects with a specific type and identifier.", - "in": "query", - "name": "has_reference", - "required": false, - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "id": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type", - "id" - ], - "type": "object" - } - }, - { - "in": "query", - "name": "fields", - "required": false, - "schema": { - "items": { - "description": "The fields to return in the `attributes` key of the response.", - "type": "string" - }, - "type": "array" - } - }, - { - "description": "A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: \"myTitle\"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.", - "in": "query", - "name": "filter", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "filter_consumers", - "required": false, - "schema": { - "items": { - "description": "List of consumers to filter.", - "type": "string" - }, - "type": "array" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actions": { - "items": { - "additionalProperties": false, - "properties": { - "alerts_filter": { - "additionalProperties": false, - "description": "Defines a period that limits whether the action runs.", - "properties": { - "query": { - "additionalProperties": false, - "properties": { - "dsl": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL).", - "type": "string" - }, - "filters": { - "description": "A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.", - "items": { - "additionalProperties": false, - "properties": { - "$state": { - "additionalProperties": false, - "properties": { - "store": { - "description": "A filter can be either specific to an application context or applied globally.", - "enum": [ - "appState", - "globalState" - ], - "type": "string" - } - }, - "required": [ - "store" - ], - "type": "object" - }, - "meta": { - "additionalProperties": {}, - "type": "object" - }, - "query": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "meta" - ], - "type": "object" - }, - "type": "array" - }, - "kql": { - "description": "A filter written in Kibana Query Language (KQL).", - "type": "string" - } - }, - "required": [ - "kql", - "filters" - ], - "type": "object" - }, - "timeframe": { - "additionalProperties": false, - "properties": { - "days": { - "description": "Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.", - "items": { - "enum": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7 - ], - "type": "integer" - }, - "type": "array" - }, - "hours": { - "additionalProperties": false, - "properties": { - "end": { - "description": "The end of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - }, - "start": { - "description": "The start of the time frame in 24-hour notation (`hh:mm`).", - "type": "string" - } - }, - "required": [ - "start", - "end" - ], - "type": "object" - }, - "timezone": { - "description": "The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.", - "type": "string" - } - }, - "required": [ - "days", - "hours", - "timezone" - ], - "type": "object" - } - }, - "type": "object" - }, - "connector_type_id": { - "description": "The type of connector. This property appears in responses but cannot be set in requests.", - "type": "string" - }, - "frequency": { - "additionalProperties": false, - "properties": { - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "type": "string" - }, - "summary": { - "description": "Indicates whether the action is a summary.", - "type": "boolean" - }, - "throttle": { - "description": "The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if 'notify_when' is set to 'onThrottleInterval'. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "summary", - "notify_when", - "throttle" - ], - "type": "object" - }, - "group": { - "description": "The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.", - "type": "string" - }, - "id": { - "description": "The identifier for the connector saved object.", - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.", - "type": "object" - }, - "use_alert_data_for_template": { - "description": "Indicates whether to use alert data as a template.", - "type": "boolean" - }, - "uuid": { - "description": "A universally unique identifier (UUID) for the action.", - "type": "string" - } - }, - "required": [ - "id", - "connector_type_id", - "params" - ], - "type": "object" - }, - "type": "array" - }, - "active_snoozes": { - "items": { - "description": "List of active snoozes for the rule.", - "type": "string" - }, - "type": "array" - }, - "alert_delay": { - "additionalProperties": false, - "description": "Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.", - "properties": { - "active": { - "description": "The number of consecutive runs that must meet the rule conditions.", - "type": "number" - } - }, - "required": [ - "active" - ], - "type": "object" - }, - "api_key_created_by_user": { - "description": "Indicates whether the API key that is associated with the rule was created by the user.", - "nullable": true, - "type": "boolean" - }, - "api_key_owner": { - "description": "The owner of the API key that is associated with the rule and used to run background tasks.", - "nullable": true, - "type": "string" - }, - "consumer": { - "description": "The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.", - "type": "string" - }, - "created_at": { - "description": "The date and time that the rule was created.", - "type": "string" - }, - "created_by": { - "description": "The identifier for the user that created the rule.", - "nullable": true, - "type": "string" - }, - "enabled": { - "description": "Indicates whether you want to run the rule on an interval basis after it is created.", - "type": "boolean" - }, - "execution_status": { - "additionalProperties": false, - "properties": { - "error": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Error message.", - "type": "string" - }, - "reason": { - "description": "Reason for error.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - }, - "last_duration": { - "description": "Duration of last execution of the rule.", - "type": "number" - }, - "last_execution_date": { - "description": "The date and time when rule was executed last.", - "type": "string" - }, - "status": { - "description": "Status of rule execution.", - "enum": [ - "ok", - "active", - "error", - "warning", - "pending", - "unknown" - ], - "type": "string" - }, - "warning": { - "additionalProperties": false, - "properties": { - "message": { - "description": "Warning message.", - "type": "string" - }, - "reason": { - "description": "Reason for warning.", - "enum": [ - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "type": "string" - } - }, - "required": [ - "reason", - "message" - ], - "type": "object" - } - }, - "required": [ - "status", - "last_execution_date" - ], - "type": "object" - }, - "flapping": { - "additionalProperties": false, - "nullable": true, - "properties": { - "look_back_window": { - "maximum": 20, - "minimum": 2, - "type": "number" - }, - "status_change_threshold": { - "maximum": 20, - "minimum": 2, - "type": "number" - } - }, - "required": [ - "look_back_window", - "status_change_threshold" - ], - "type": "object" - }, - "id": { - "description": "The identifier for the rule.", - "type": "string" - }, - "is_snoozed_until": { - "description": "The date when the rule will no longer be snoozed.", - "nullable": true, - "type": "string" - }, - "last_run": { - "additionalProperties": false, - "nullable": true, - "properties": { - "alerts_count": { - "additionalProperties": false, - "properties": { - "active": { - "description": "Number of active alerts during last run.", - "nullable": true, - "type": "number" - }, - "ignored": { - "description": "Number of ignored alerts during last run.", - "nullable": true, - "type": "number" - }, - "new": { - "description": "Number of new alerts during last run.", - "nullable": true, - "type": "number" - }, - "recovered": { - "description": "Number of recovered alerts during last run.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "outcome_msg": { - "items": { - "description": "Outcome message generated during last rule run.", - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "outcome_order": { - "description": "Order of the outcome.", - "type": "number" - }, - "warning": { - "description": "Warning of last rule execution.", - "enum": [ - "read", - "decrypt", - "execute", - "unknown", - "license", - "timeout", - "disabled", - "validate", - "maxExecutableActions", - "maxAlerts", - "maxQueuedActions", - "ruleExecution" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "outcome", - "alerts_count" - ], - "type": "object" - }, - "mapped_params": { - "additionalProperties": {}, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "description": "Monitoring details of the rule.", - "properties": { - "run": { - "additionalProperties": false, - "description": "Rule run details.", - "properties": { - "calculated_metrics": { - "additionalProperties": false, - "description": "Calculation of different percentiles and success ratio.", - "properties": { - "p50": { - "type": "number" - }, - "p95": { - "type": "number" - }, - "p99": { - "type": "number" - }, - "success_ratio": { - "type": "number" - } - }, - "required": [ - "success_ratio" - ], - "type": "object" - }, - "history": { - "description": "History of the rule run.", - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule run.", - "type": "number" - }, - "outcome": { - "description": "Outcome of last run of the rule. Value could be succeeded, warning or failed.", - "enum": [ - "succeeded", - "warning", - "failed" - ], - "type": "string" - }, - "success": { - "description": "Indicates whether the rule run was successful.", - "type": "boolean" - }, - "timestamp": { - "description": "Time of rule run.", - "type": "number" - } - }, - "required": [ - "success", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "last_run": { - "additionalProperties": false, - "properties": { - "metrics": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of most recent rule run.", - "type": "number" - }, - "gap_duration_s": { - "description": "Duration in seconds of rule run gap.", - "nullable": true, - "type": "number" - }, - "total_alerts_created": { - "description": "Total number of alerts created during last rule run.", - "nullable": true, - "type": "number" - }, - "total_alerts_detected": { - "description": "Total number of alerts detected during last rule run.", - "nullable": true, - "type": "number" - }, - "total_indexing_duration_ms": { - "description": "Total time spent indexing documents during last rule run in milliseconds.", - "nullable": true, - "type": "number" - }, - "total_search_duration_ms": { - "description": "Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.", - "nullable": true, - "type": "number" - } - }, - "type": "object" - }, - "timestamp": { - "description": "Time of the most recent rule run.", - "type": "string" - } - }, - "required": [ - "timestamp", - "metrics" - ], - "type": "object" - } - }, - "required": [ - "history", - "calculated_metrics", - "last_run" - ], - "type": "object" - } - }, - "required": [ - "run" - ], - "type": "object" - }, - "mute_all": { - "description": "Indicates whether all alerts are muted.", - "type": "boolean" - }, - "muted_alert_ids": { - "items": { - "description": "List of identifiers of muted alerts. ", - "type": "string" - }, - "type": "array" - }, - "name": { - "description": " The name of the rule.", - "type": "string" - }, - "next_run": { - "description": "Date and time of the next run of the rule.", - "nullable": true, - "type": "string" - }, - "notify_when": { - "description": "Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "enum": [ - "onActionGroupChange", - "onActiveAlert", - "onThrottleInterval" - ], - "nullable": true, - "type": "string" - }, - "params": { - "additionalProperties": {}, - "description": "The parameters for the rule.", - "type": "object" - }, - "revision": { - "description": "The rule revision number.", - "type": "number" - }, - "rule_type_id": { - "description": "The rule type identifier.", - "type": "string" - }, - "running": { - "description": "Indicates whether the rule is running.", - "nullable": true, - "type": "boolean" - }, - "schedule": { - "additionalProperties": false, - "properties": { - "interval": { - "description": "The interval is specified in seconds, minutes, hours, or days.", - "type": "string" - } - }, - "required": [ - "interval" - ], - "type": "object" - }, - "scheduled_task_id": { - "description": "Identifier of the scheduled task.", - "type": "string" - }, - "snooze_schedule": { - "items": { - "additionalProperties": false, - "properties": { - "duration": { - "description": "Duration of the rule snooze schedule.", - "type": "number" - }, - "id": { - "description": "Identifier of the rule snooze schedule.", - "type": "string" - }, - "rRule": { - "additionalProperties": false, - "properties": { - "byhour": { - "items": { - "description": "Indicates hours of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byminute": { - "items": { - "description": "Indicates minutes of the hour to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonth": { - "items": { - "description": "Indicates months of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bymonthday": { - "items": { - "description": "Indicates the days of the month to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysecond": { - "items": { - "description": "Indicates seconds of the day to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "bysetpos": { - "items": { - "description": "A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byweekday": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ], - "description": "Indicates the days of the week to recur or else nth-day-of-month strings. For example, \"+2TU\" second Tuesday of month, \"-1FR\" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination." - }, - "nullable": true, - "type": "array" - }, - "byweekno": { - "items": { - "description": "Indicates number of the week hours to recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "byyearday": { - "items": { - "description": "Indicates the days of the year that this rule should recur.", - "type": "number" - }, - "nullable": true, - "type": "array" - }, - "count": { - "description": "Number of times the rule should recur until it stops.", - "type": "number" - }, - "dtstart": { - "description": "Rule start date in Coordinated Universal Time (UTC).", - "type": "string" - }, - "freq": { - "description": "Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.", - "enum": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "integer" - }, - "interval": { - "description": "Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.", - "type": "number" - }, - "tzid": { - "description": "Indicates timezone abbreviation.", - "type": "string" - }, - "until": { - "description": "Recur the rule until this date.", - "type": "string" - }, - "wkst": { - "description": "Indicates the start of week, defaults to Monday.", - "enum": [ - "MO", - "TU", - "WE", - "TH", - "FR", - "SA", - "SU" - ], - "type": "string" - } - }, - "required": [ - "dtstart", - "tzid" - ], - "type": "object" - }, - "skipRecurrences": { - "items": { - "description": "Skips recurrence of rule on this date.", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "duration", - "rRule" - ], - "type": "object" - }, - "type": "array" - }, - "tags": { - "items": { - "description": "The tags for the rule.", - "type": "string" - }, - "type": "array" - }, - "throttle": { - "deprecated": true, - "description": "Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.", - "nullable": true, - "type": "string" - }, - "updated_at": { - "description": "The date and time that the rule was updated most recently.", - "type": "string" - }, - "updated_by": { - "description": "The identifier for the user that updated this rule most recently.", - "nullable": true, - "type": "string" - }, - "view_in_app_relative_url": { - "description": "Relative URL to view rule in the app.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "enabled", - "name", - "tags", - "rule_type_id", - "consumer", - "schedule", - "actions", - "params", - "created_by", - "updated_by", - "created_at", - "updated_at", - "api_key_owner", - "mute_all", - "muted_alert_ids", - "execution_status", - "revision" - ], - "type": "object" - } - } - }, - "description": "Indicates a successful call." - }, - "400": { - "description": "Indicates an invalid schema or parameters." - }, - "403": { - "description": "Indicates that this call is forbidden." - } - }, - "summary": "Get information about rules", - "tags": [ - "alerting" - ] - } - }, - "/api/fleet/agent-status": { - "get": { - "operationId": "get-fleet-agent-status-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "policyId", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "policyIds", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "deprecated": true, - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/agent_download_sources": { - "get": { - "description": "List agent binary download sources", - "operationId": "get-fleet-agent-download-sources", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - }, - "post": { - "description": "Create agent binary download source", - "operationId": "post-fleet-agent-download-sources", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "host" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - } - }, - "/api/fleet/agent_download_sources/{sourceId}": { - "delete": { - "description": "Delete agent binary download source by ID", - "operationId": "delete-fleet-agent-download-sources-sourceid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "sourceId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - }, - "get": { - "description": "Get agent binary download source by ID", - "operationId": "get-fleet-agent-download-sources-sourceid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "sourceId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - }, - "put": { - "description": "Update agent binary download source by ID", - "operationId": "put-fleet-agent-download-sources-sourceid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "sourceId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "host" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "description": "The ID of the proxy to use for this download source. See the proxies API for more information.", - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent binary download sources" - ] - } - }, - "/api/fleet/agent_policies": { - "get": { - "description": "List agent policies", - "operationId": "get-fleet-agent-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "sortField", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "enum": [ - "desc", - "asc" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "showUpgradeable", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "description": "use withAgentCount instead", - "in": "query", - "name": "noAgentCount", - "required": false, - "schema": { - "deprecated": true, - "type": "boolean" - } - }, - { - "description": "get policies with agent count", - "in": "query", - "name": "withAgentCount", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "description": "get full policies with package policies populated", - "in": "query", - "name": "full", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - }, - "post": { - "description": "Create an agent policy", - "operationId": "post-fleet-agent-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "sys_monitoring", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "force": { - "type": "boolean" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_protected": { - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/_bulk_get": { - "post": { - "description": "Bulk get agent policies", - "operationId": "post-fleet-agent-policies-bulk-get", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "full": { - "description": "get full policies with package policies populated", - "type": "boolean" - }, - "ids": { - "description": "list of package policy ids", - "items": { - "type": "string" - }, - "type": "array" - }, - "ignoreMissing": { - "type": "boolean" - } - }, - "required": [ - "ids" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/delete": { - "post": { - "description": "Delete agent policy by ID", - "operationId": "post-fleet-agent-policies-delete", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agentPolicyId": { - "type": "string" - }, - "force": { - "description": "bypass validation checks that can prevent agent policy deletion", - "type": "boolean" - } - }, - "required": [ - "agentPolicyId" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/outputs": { - "post": { - "description": "Get list of outputs associated with agent policies", - "operationId": "post-fleet-agent-policies-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "ids": { - "description": "list of package policy ids", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "ids" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "agentPolicyId": { - "type": "string" - }, - "data": { - "additionalProperties": false, - "properties": { - "integrations": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "integrationPolicyName": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pkgName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "properties": { - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - } - }, - "required": [ - "monitoring", - "data" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}": { - "get": { - "description": "Get an agent policy by ID", - "operationId": "get-fleet-agent-policies-agentpolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - }, - "put": { - "description": "Update an agent policy by ID", - "operationId": "put-fleet-agent-policies-agentpolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "force": { - "type": "boolean" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_protected": { - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/copy": { - "post": { - "description": "Copy an agent policy by ID", - "operationId": "post-fleet-agent-policies-agentpolicyid-copy", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "name": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "advanced_settings": { - "additionalProperties": false, - "properties": { - "agent_download_target_directory": { - "nullable": true - }, - "agent_download_timeout": { - "default": "2h", - "nullable": true - }, - "agent_limits_go_max_procs": { - "nullable": true - }, - "agent_logging_level": { - "default": "info", - "nullable": true - }, - "agent_logging_metrics_period": { - "default": "30s", - "nullable": true - } - }, - "type": "object" - }, - "agent_features": { - "items": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "agents": { - "type": "number" - }, - "data_output_id": { - "nullable": true, - "type": "string" - }, - "description": { - "type": "string" - }, - "download_source_id": { - "nullable": true, - "type": "string" - }, - "fleet_server_host_id": { - "nullable": true, - "type": "string" - }, - "global_data_tags": { - "description": "User defined data tags that are added to all of the inputs. The values can be strings or numbers.", - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "has_fleet_server": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inactivity_timeout": { - "default": 1209600, - "minimum": 0, - "type": "number" - }, - "is_default": { - "type": "boolean" - }, - "is_default_fleet_server": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "is_protected": { - "description": "Indicates whether the agent policy has tamper protection enabled. Default false.", - "type": "boolean" - }, - "keep_monitoring_alive": { - "default": false, - "description": "When set to true, monitoring will be enabled but logs/metrics collection will be disabled", - "nullable": true, - "type": "boolean" - }, - "monitoring_diagnostics": { - "additionalProperties": false, - "properties": { - "limit": { - "additionalProperties": false, - "properties": { - "burst": { - "type": "number" - }, - "interval": { - "type": "string" - } - }, - "type": "object" - }, - "uploader": { - "additionalProperties": false, - "properties": { - "init_dur": { - "type": "string" - }, - "max_dur": { - "type": "string" - }, - "max_retries": { - "type": "number" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "monitoring_enabled": { - "items": { - "enum": [ - "logs", - "metrics", - "traces" - ], - "type": "string" - }, - "type": "array" - }, - "monitoring_http": { - "additionalProperties": false, - "properties": { - "buffer": { - "additionalProperties": false, - "properties": { - "enabled": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "host": { - "type": "string" - }, - "port": { - "maximum": 65353, - "minimum": 0, - "type": "number" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "monitoring_output_id": { - "nullable": true, - "type": "string" - }, - "monitoring_pprof_enabled": { - "type": "boolean" - }, - "name": { - "minLength": 1, - "type": "string" - }, - "namespace": { - "minLength": 1, - "type": "string" - }, - "overrides": { - "additionalProperties": {}, - "description": "Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "type": "object" - }, - "package_policies": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "description": "This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter", - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - ] - }, - "revision": { - "type": "number" - }, - "schema_version": { - "type": "string" - }, - "space_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "status": { - "enum": [ - "active", - "inactive" - ], - "type": "string" - }, - "supports_agentless": { - "default": false, - "description": "Indicates whether the agent policy supports agentless integrations.", - "nullable": true, - "type": "boolean" - }, - "unenroll_timeout": { - "minimum": 0, - "type": "number" - }, - "unprivileged_agents": { - "type": "number" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "namespace", - "is_managed", - "is_protected", - "status", - "updated_at", - "updated_by", - "revision" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/download": { - "get": { - "description": "Download an agent policy by ID", - "operationId": "get-fleet-agent-policies-agentpolicyid-download", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "standalone", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kubernetes", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "type": "string" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/full": { - "get": { - "description": "Get a full agent policy by ID", - "operationId": "get-fleet-agent-policies-agentpolicyid-full", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "standalone", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kubernetes", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "type": "string" - }, - { - "additionalProperties": false, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "download": { - "additionalProperties": false, - "properties": { - "sourceURI": { - "type": "string" - } - }, - "required": [ - "sourceURI" - ], - "type": "object" - }, - "features": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - } - }, - "required": [ - "enabled" - ], - "type": "object" - }, - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "logs": { - "type": "boolean" - }, - "metrics": { - "type": "boolean" - }, - "namespace": { - "type": "string" - }, - "traces": { - "type": "boolean" - }, - "use_output": { - "type": "string" - } - }, - "required": [ - "enabled", - "metrics", - "logs", - "traces" - ], - "type": "object" - }, - "protection": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "signing_key": { - "type": "string" - }, - "uninstall_token_hash": { - "type": "string" - } - }, - "required": [ - "enabled", - "uninstall_token_hash", - "signing_key" - ], - "type": "object" - } - }, - "required": [ - "monitoring", - "download", - "features" - ], - "type": "object" - }, - "fleet": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "proxy_headers": {}, - "proxy_url": { - "type": "string" - }, - "ssl": { - "additionalProperties": false, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "renegotiation": { - "type": "string" - }, - "verification_mode": { - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "hosts", - "proxy_headers" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "kibana": { - "additionalProperties": false, - "properties": { - "hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "path": { - "type": "string" - }, - "protocol": { - "type": "string" - } - }, - "required": [ - "hosts", - "protocol" - ], - "type": "object" - } - }, - "required": [ - "kibana" - ], - "type": "object" - } - ] - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "namespace": { - "type": "string" - } - }, - "required": [ - "namespace" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "meta": { - "additionalProperties": true, - "properties": { - "package": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - } - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "package_policy_id": { - "type": "string" - }, - "processors": { - "items": { - "additionalProperties": true, - "properties": { - "add_fields": { - "additionalProperties": true, - "properties": { - "fields": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - }, - "type": "object" - }, - "target": { - "type": "string" - } - }, - "required": [ - "target", - "fields" - ], - "type": "object" - } - }, - "required": [ - "add_fields" - ], - "type": "object" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "streams": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "dataset": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset" - ], - "type": "object" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "data_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "use_output": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "revision", - "type", - "data_stream", - "use_output", - "package_policy_id" - ], - "type": "object" - }, - "type": "array" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "output_permissions": { - "additionalProperties": { - "additionalProperties": {}, - "type": "object" - }, - "type": "object" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": true, - "properties": { - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "proxy_headers": {}, - "proxy_url": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "type", - "proxy_headers" - ], - "type": "object" - }, - "type": "object" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "signed": { - "additionalProperties": false, - "properties": { - "data": { - "type": "string" - }, - "signature": { - "type": "string" - } - }, - "required": [ - "data", - "signature" - ], - "type": "object" - } - }, - "required": [ - "id", - "outputs", - "inputs" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_policies/{agentPolicyId}/outputs": { - "get": { - "description": "Get list of outputs associated with agent policy by policy id", - "operationId": "get-fleet-agent-policies-agentpolicyid-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentPolicyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agentPolicyId": { - "type": "string" - }, - "data": { - "additionalProperties": false, - "properties": { - "integrations": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "integrationPolicyName": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pkgName": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - }, - "monitoring": { - "additionalProperties": false, - "properties": { - "output": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - }, - "required": [ - "output" - ], - "type": "object" - } - }, - "required": [ - "monitoring", - "data" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/agent_status": { - "get": { - "description": "Get agent status summary", - "operationId": "get-fleet-agent-status", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "policyId", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "policyIds", - "required": false, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "deprecated": true, - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "results": { - "additionalProperties": false, - "properties": { - "active": { - "type": "number" - }, - "all": { - "type": "number" - }, - "error": { - "type": "number" - }, - "events": { - "type": "number" - }, - "inactive": { - "type": "number" - }, - "offline": { - "type": "number" - }, - "online": { - "type": "number" - }, - "other": { - "type": "number" - }, - "total": { - "deprecated": true, - "type": "number" - }, - "unenrolled": { - "type": "number" - }, - "updating": { - "type": "number" - } - }, - "required": [ - "events", - "total", - "online", - "error", - "offline", - "other", - "updating", - "inactive", - "unenrolled", - "all", - "active" - ], - "type": "object" - } - }, - "required": [ - "results" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent status" - ] - } - }, - "/api/fleet/agent_status/data": { - "get": { - "description": "Get incoming agent data", - "operationId": "get-fleet-agent-status-data", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "agentsIds", - "required": true, - "schema": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - } - }, - { - "in": "query", - "name": "previewData", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "dataPreview": { - "items": {}, - "type": "array" - }, - "items": { - "items": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "data": { - "type": "boolean" - } - }, - "required": [ - "data" - ], - "type": "object" - }, - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items", - "dataPreview" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents": { - "get": { - "description": "List agents", - "operationId": "get-fleet-agents", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "showInactive", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "withMetrics", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "showUpgradeable", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "getStatusSummary", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "sortField", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - }, - "type": "array" - }, - "list": { - "deprecated": true, - "items": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "statusSummary": { - "additionalProperties": { - "type": "number" - }, - "type": "object" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "post": { - "description": "List agents by action ids", - "operationId": "post-fleet-agents", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionIds": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "actionIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/action_status": { - "get": { - "description": "Get agent action status", - "operationId": "get-fleet-agents-action-status", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 0, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "date", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "latest", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "errorSize", - "required": false, - "schema": { - "default": 5, - "type": "number" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - }, - "cancellationTime": { - "type": "string" - }, - "completionTime": { - "type": "string" - }, - "creationTime": { - "description": "creation time of action", - "type": "string" - }, - "expiration": { - "type": "string" - }, - "hasRolloutPeriod": { - "type": "boolean" - }, - "latestErrors": { - "items": { - "additionalProperties": false, - "description": "latest errors that happened when the agents executed the action", - "properties": { - "agentId": { - "type": "string" - }, - "error": { - "type": "string" - }, - "hostname": { - "type": "string" - }, - "timestamp": { - "type": "string" - } - }, - "required": [ - "agentId", - "error", - "timestamp" - ], - "type": "object" - }, - "type": "array" - }, - "nbAgentsAck": { - "description": "number of agents that acknowledged the action", - "type": "number" - }, - "nbAgentsActionCreated": { - "description": "number of agents included in action from kibana", - "type": "number" - }, - "nbAgentsActioned": { - "description": "number of agents actioned", - "type": "number" - }, - "nbAgentsFailed": { - "description": "number of agents that failed to execute the action", - "type": "number" - }, - "newPolicyId": { - "description": "new policy id (POLICY_REASSIGN action)", - "type": "string" - }, - "policyId": { - "description": "policy id (POLICY_CHANGE action)", - "type": "string" - }, - "revision": { - "description": "new policy revision (POLICY_CHANGE action)", - "type": "number" - }, - "startTime": { - "description": "start time of action (scheduled actions)", - "type": "string" - }, - "status": { - "enum": [ - "COMPLETE", - "EXPIRED", - "CANCELLED", - "FAILED", - "IN_PROGRESS", - "ROLLOUT_PASSED" - ], - "type": "string" - }, - "type": { - "enum": [ - "UPGRADE", - "UNENROLL", - "SETTINGS", - "POLICY_REASSIGN", - "CANCEL", - "FORCE_UNENROLL", - "REQUEST_DIAGNOSTICS", - "UPDATE_TAGS", - "POLICY_CHANGE", - "INPUT_ACTION" - ], - "type": "string" - }, - "version": { - "description": "agent version number (UPGRADE action)", - "type": "string" - } - }, - "required": [ - "actionId", - "nbAgentsActionCreated", - "nbAgentsAck", - "nbAgentsFailed", - "type", - "nbAgentsActioned", - "status", - "creationTime" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/actions/{actionId}/cancel": { - "post": { - "description": "Cancel agent action", - "operationId": "post-fleet-agents-actions-actionid-cancel", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "actionId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "ack_data": {}, - "agents": { - "items": { - "type": "string" - }, - "type": "array" - }, - "created_at": { - "type": "string" - }, - "data": {}, - "expiration": { - "type": "string" - }, - "id": { - "type": "string" - }, - "minimum_execution_duration": { - "type": "number" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "rollout_duration_seconds": { - "type": "number" - }, - "sent_at": { - "type": "string" - }, - "source_uri": { - "type": "string" - }, - "start_time": { - "type": "string" - }, - "total": { - "type": "number" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type", - "data", - "created_at", - "ack_data", - "agents" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/available_versions": { - "get": { - "description": "Get available agent versions", - "operationId": "get-fleet-agents-available-versions", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/bulk_reassign": { - "post": { - "description": "Bulk reassign agents", - "operationId": "post-fleet-agents-bulk-reassign", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "includeInactive": { - "default": false, - "type": "boolean" - }, - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id", - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_request_diagnostics": { - "post": { - "description": "Bulk request diagnostics from agents", - "operationId": "post-fleet-agents-bulk-request-diagnostics", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "additional_metrics": { - "items": { - "enum": [ - "CPU" - ], - "type": "string" - }, - "type": "array" - }, - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - } - }, - "required": [ - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_unenroll": { - "post": { - "description": "Bulk unenroll agents", - "operationId": "post-fleet-agents-bulk-unenroll", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "description": "KQL query string, leave empty to action all agents", - "type": "string" - }, - "type": "array" - }, - { - "description": "list of agent IDs", - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "force": { - "description": "Unenrolls hosted agents too", - "type": "boolean" - }, - "includeInactive": { - "description": "When passing agents by KQL query, unenrolls inactive agents too", - "type": "boolean" - }, - "revoke": { - "description": "Revokes API keys of agents", - "type": "boolean" - } - }, - "required": [ - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_update_agent_tags": { - "post": { - "description": "Bulk update agent tags", - "operationId": "post-fleet-agents-bulk-update-agent-tags", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "includeInactive": { - "default": false, - "type": "boolean" - }, - "tagsToAdd": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tagsToRemove": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "agents" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/bulk_upgrade": { - "post": { - "description": "Bulk upgrade agents", - "operationId": "post-fleet-agents-bulk-upgrade", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "agents": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "type": "string" - } - ] - }, - "batchSize": { - "type": "number" - }, - "force": { - "type": "boolean" - }, - "includeInactive": { - "default": false, - "type": "boolean" - }, - "rollout_duration_seconds": { - "minimum": 600, - "type": "number" - }, - "skipRateLimitCheck": { - "type": "boolean" - }, - "source_uri": { - "type": "string" - }, - "start_time": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "agents", - "version" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/files/{fileId}": { - "delete": { - "description": "Delete file uploaded by agent", - "operationId": "delete-fleet-agents-files-fileid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "fileId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "deleted": { - "type": "boolean" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "deleted" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/files/{fileId}/{fileName}": { - "get": { - "description": "Get file uploaded by agent", - "operationId": "get-fleet-agents-files-fileid-filename", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "fileId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "fileName", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/setup": { - "get": { - "description": "Get agent setup info", - "operationId": "get-fleet-agents-setup", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.", - "properties": { - "isReady": { - "type": "boolean" - }, - "is_secrets_storage_enabled": { - "type": "boolean" - }, - "is_space_awareness_enabled": { - "type": "boolean" - }, - "missing_optional_features": { - "items": { - "enum": [ - "encrypted_saved_object_encryption_key_required" - ], - "type": "string" - }, - "type": "array" - }, - "missing_requirements": { - "items": { - "enum": [ - "security_required", - "tls_required", - "api_keys", - "fleet_admin_user", - "fleet_server" - ], - "type": "string" - }, - "type": "array" - }, - "package_verification_key_id": { - "type": "string" - } - }, - "required": [ - "isReady", - "missing_requirements", - "missing_optional_features" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "post": { - "description": "Initiate agent setup", - "operationId": "post-fleet-agents-setup", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", - "properties": { - "isInitialized": { - "type": "boolean" - }, - "nonFatalErrors": { - "items": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "isInitialized", - "nonFatalErrors" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/tags": { - "get": { - "description": "List agent tags", - "operationId": "get-fleet-agents-tags", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "showInactive", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/{agentId}": { - "delete": { - "description": "Delete agent by ID", - "operationId": "delete-fleet-agents-agentid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "enum": [ - "deleted" - ], - "type": "string" - } - }, - "required": [ - "action" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "get": { - "description": "Get agent by ID", - "operationId": "get-fleet-agents-agentid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "withMetrics", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - }, - "put": { - "description": "Update agent by ID", - "operationId": "put-fleet-agents-agentid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "access_api_key": { - "type": "string" - }, - "access_api_key_id": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "agent": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "version" - ], - "type": "object" - }, - "components": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "type": "string" - }, - "units": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "message": { - "type": "string" - }, - "payload": { - "additionalProperties": {}, - "type": "object" - }, - "status": { - "enum": [ - "STARTING", - "CONFIGURING", - "HEALTHY", - "DEGRADED", - "FAILED", - "STOPPING", - "STOPPED" - ], - "type": "string" - }, - "type": { - "enum": [ - "input", - "output" - ], - "type": "string" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "id", - "type", - "status", - "message" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key": { - "type": "string" - }, - "default_api_key_history": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "default_api_key_id": { - "type": "string" - }, - "enrolled_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "last_checkin": { - "type": "string" - }, - "last_checkin_message": { - "type": "string" - }, - "last_checkin_status": { - "enum": [ - "error", - "online", - "degraded", - "updating", - "starting" - ], - "type": "string" - }, - "local_metadata": { - "additionalProperties": {}, - "type": "object" - }, - "metrics": { - "additionalProperties": false, - "properties": { - "cpu_avg": { - "type": "number" - }, - "memory_size_byte_avg": { - "type": "number" - } - }, - "type": "object" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "outputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "api_key_id": { - "type": "string" - }, - "to_retire_api_key_ids": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "retired_at": { - "type": "string" - } - }, - "required": [ - "id", - "retired_at" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "api_key_id", - "type" - ], - "type": "object" - }, - "type": "object" - }, - "packages": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_revision": { - "nullable": true, - "type": "number" - }, - "sort": { - "items": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - }, - { - "enum": [], - "nullable": true - } - ] - }, - "type": "array" - }, - "status": { - "enum": [ - "offline", - "error", - "online", - "inactive", - "enrolling", - "unenrolling", - "unenrolled", - "updating", - "degraded" - ], - "type": "string" - }, - "tags": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "enum": [ - "PERMANENT", - "EPHEMERAL", - "TEMPORARY" - ], - "type": "string" - }, - "unenrolled_at": { - "type": "string" - }, - "unenrollment_started_at": { - "type": "string" - }, - "unhealthy_reason": { - "items": { - "enum": [ - "input", - "output", - "other" - ], - "type": "string" - }, - "nullable": true, - "type": "array" - }, - "upgrade_details": { - "additionalProperties": false, - "properties": { - "action_id": { - "type": "string" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "download_percent": { - "type": "number" - }, - "download_rate": { - "type": "number" - }, - "error_msg": { - "type": "string" - }, - "failed_state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "retry_error_msg": { - "type": "string" - }, - "retry_until": { - "type": "string" - }, - "scheduled_at": { - "type": "string" - } - }, - "type": "object" - }, - "state": { - "enum": [ - "UPG_REQUESTED", - "UPG_SCHEDULED", - "UPG_DOWNLOADING", - "UPG_EXTRACTING", - "UPG_REPLACING", - "UPG_RESTARTING", - "UPG_FAILED", - "UPG_WATCHING", - "UPG_ROLLBACK" - ], - "type": "string" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "target_version", - "action_id", - "state" - ], - "type": "object" - }, - "upgrade_started_at": { - "nullable": true, - "type": "string" - }, - "upgraded_at": { - "nullable": true, - "type": "string" - }, - "user_provided_metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "id", - "packages", - "type", - "active", - "enrolled_at", - "local_metadata" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/agents/{agentId}/actions": { - "post": { - "description": "Create agent action", - "operationId": "post-fleet-agents-agentid-actions", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "ack_data": {}, - "data": {}, - "type": { - "enum": [ - "UNENROLL", - "UPGRADE", - "POLICY_REASSIGN" - ], - "type": "string" - } - }, - "required": [ - "type", - "data", - "ack_data" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "data": { - "additionalProperties": false, - "properties": { - "log_level": { - "enum": [ - "debug", - "info", - "warning", - "error" - ], - "nullable": true, - "type": "string" - } - }, - "required": [ - "log_level" - ], - "type": "object" - }, - "type": { - "enum": [ - "SETTINGS" - ], - "type": "string" - } - }, - "required": [ - "type", - "data" - ], - "type": "object" - } - ] - } - }, - "required": [ - "action" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "ack_data": {}, - "agents": { - "items": { - "type": "string" - }, - "type": "array" - }, - "created_at": { - "type": "string" - }, - "data": {}, - "expiration": { - "type": "string" - }, - "id": { - "type": "string" - }, - "minimum_execution_duration": { - "type": "number" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "rollout_duration_seconds": { - "type": "number" - }, - "sent_at": { - "type": "string" - }, - "source_uri": { - "type": "string" - }, - "start_time": { - "type": "string" - }, - "total": { - "type": "number" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type", - "data", - "created_at", - "ack_data", - "agents" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/reassign": { - "post": { - "description": "Reassign agent", - "operationId": "post-fleet-agents-agentid-reassign", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": {}, - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - }, - "put": { - "operationId": "put-fleet-agents-agentid-reassign", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/agents/{agentId}/request_diagnostics": { - "post": { - "description": "Request agent diagnostics", - "operationId": "post-fleet-agents-agentid-request-diagnostics", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "additional_metrics": { - "items": { - "enum": [ - "CPU" - ], - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - } - }, - "required": [ - "actionId" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/unenroll": { - "post": { - "description": "Unenroll agent", - "operationId": "post-fleet-agents-agentid-unenroll", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - }, - "revoke": { - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/upgrade": { - "post": { - "description": "Upgrade agent", - "operationId": "post-fleet-agents-agentid-upgrade", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "force": { - "type": "boolean" - }, - "skipRateLimitCheck": { - "type": "boolean" - }, - "source_uri": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "version" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": {}, - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent actions" - ] - } - }, - "/api/fleet/agents/{agentId}/uploads": { - "get": { - "description": "List agent uploads", - "operationId": "get-fleet-agents-agentid-uploads", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "agentId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "actionId": { - "type": "string" - }, - "createTime": { - "type": "string" - }, - "error": { - "type": "string" - }, - "filePath": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "status": { - "enum": [ - "READY", - "AWAITING_UPLOAD", - "DELETED", - "EXPIRED", - "IN_PROGRESS", - "FAILED" - ], - "type": "string" - } - }, - "required": [ - "id", - "name", - "filePath", - "createTime", - "status", - "actionId" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agents" - ] - } - }, - "/api/fleet/check-permissions": { - "get": { - "description": "Check permissions", - "operationId": "get-fleet-check-permissions", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "fleetServerSetup", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "error": { - "enum": [ - "MISSING_SECURITY", - "MISSING_PRIVILEGES", - "MISSING_FLEET_SERVER_SETUP_PRIVILEGES" - ], - "type": "string" - }, - "success": { - "type": "boolean" - } - }, - "required": [ - "success" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/data_streams": { - "get": { - "description": "List data streams", - "operationId": "get-fleet-data-streams", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "data_streams": { - "items": { - "additionalProperties": false, - "properties": { - "dashboards": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "id", - "title" - ], - "type": "object" - }, - "type": "array" - }, - "dataset": { - "type": "string" - }, - "index": { - "type": "string" - }, - "last_activity_ms": { - "type": "number" - }, - "namespace": { - "type": "string" - }, - "package": { - "type": "string" - }, - "package_version": { - "type": "string" - }, - "serviceDetails": { - "additionalProperties": false, - "nullable": true, - "properties": { - "environment": { - "type": "string" - }, - "serviceName": { - "type": "string" - } - }, - "required": [ - "environment", - "serviceName" - ], - "type": "object" - }, - "size_in_bytes": { - "type": "number" - }, - "size_in_bytes_formatted": { - "anyOf": [ - { - "type": "number" - }, - { - "type": "string" - } - ] - }, - "type": { - "type": "string" - } - }, - "required": [ - "index", - "dataset", - "namespace", - "type", - "package", - "package_version", - "last_activity_ms", - "size_in_bytes", - "size_in_bytes_formatted", - "dashboards", - "serviceDetails" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "data_streams" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Data streams" - ] - } - }, - "/api/fleet/enrollment-api-keys": { - "get": { - "operationId": "get-fleet-enrollment-api-keys-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - }, - "post": { - "operationId": "post-fleet-enrollment-api-keys-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "expiration": { - "type": "string" - }, - "name": { - "type": "string" - }, - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/enrollment-api-keys/{keyId}": { - "delete": { - "operationId": "delete-fleet-enrollment-api-keys-keyid-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - }, - "get": { - "operationId": "get-fleet-enrollment-api-keys-keyid-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/enrollment_api_keys": { - "get": { - "description": "List enrollment API keys", - "operationId": "get-fleet-enrollment-api-keys", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "default": 1, - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 20, - "type": "number" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - }, - "type": "array" - }, - "list": { - "deprecated": true, - "items": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage", - "list" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - }, - "post": { - "description": "Create enrollment API key", - "operationId": "post-fleet-enrollment-api-keys", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "expiration": { - "type": "string" - }, - "name": { - "type": "string" - }, - "policy_id": { - "type": "string" - } - }, - "required": [ - "policy_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "enum": [ - "created" - ], - "type": "string" - }, - "item": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - } - }, - "required": [ - "item", - "action" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - } - }, - "/api/fleet/enrollment_api_keys/{keyId}": { - "delete": { - "description": "Revoke enrollment API key by ID by marking it as inactive", - "operationId": "delete-fleet-enrollment-api-keys-keyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "action": { - "enum": [ - "deleted" - ], - "type": "string" - } - }, - "required": [ - "action" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - }, - "get": { - "description": "Get enrollment API key by ID", - "operationId": "get-fleet-enrollment-api-keys-keyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "keyId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "active": { - "description": "When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.", - "type": "boolean" - }, - "api_key": { - "description": "The enrollment API key (token) used for enrolling Elastic Agents.", - "type": "string" - }, - "api_key_id": { - "description": "The ID of the API key in the Security API.", - "type": "string" - }, - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "name": { - "description": "The name of the enrollment API key.", - "type": "string" - }, - "policy_id": { - "description": "The ID of the agent policy the Elastic Agent will be enrolled in.", - "type": "string" - } - }, - "required": [ - "id", - "api_key_id", - "api_key", - "active", - "created_at" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet enrollment API keys" - ] - } - }, - "/api/fleet/epm/bulk_assets": { - "post": { - "description": "Bulk get assets", - "operationId": "post-fleet-epm-bulk-assets", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "assetIds": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "assetIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "appLink": { - "type": "string" - }, - "attributes": { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "service": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "type": "object" - }, - "id": { - "type": "string" - }, - "type": { - "type": "string" - }, - "updatedAt": { - "type": "string" - } - }, - "required": [ - "id", - "type", - "attributes" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/categories": { - "get": { - "description": "List package categories", - "operationId": "get-fleet-epm-categories", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "experimental", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "include_policy_templates", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "count": { - "type": "number" - }, - "id": { - "type": "string" - }, - "parent_id": { - "type": "string" - }, - "parent_title": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "id", - "title", - "count" - ], - "type": "object" - }, - "type": "array" - }, - "response": { - "items": { - "additionalProperties": false, - "deprecated": true, - "properties": { - "count": { - "type": "number" - }, - "id": { - "type": "string" - }, - "parent_id": { - "type": "string" - }, - "parent_title": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "id", - "title", - "count" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/custom_integrations": { - "post": { - "description": "Create custom integration", - "operationId": "post-fleet-epm-custom-integrations", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "datasets": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "type": { - "enum": [ - "logs", - "metrics", - "traces", - "synthetics", - "profiling" - ], - "type": "string" - } - }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "force": { - "type": "boolean" - }, - "integrationName": { - "type": "string" - } - }, - "required": [ - "integrationName", - "datasets" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_meta": { - "additionalProperties": false, - "properties": { - "install_source": { - "type": "string" - } - }, - "required": [ - "install_source" - ], - "type": "object" - }, - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items", - "_meta" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/data_streams": { - "get": { - "description": "List data streams", - "operationId": "get-fleet-epm-data-streams", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "type", - "required": false, - "schema": { - "enum": [ - "logs", - "metrics", - "traces", - "synthetics", - "profiling" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "datasetQuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "default": "asc", - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "uncategorisedOnly", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Data streams" - ] - } - }, - "/api/fleet/epm/packages": { - "get": { - "description": "List packages", - "operationId": "get-fleet-epm-packages", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "category", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "experimental", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "excludeInstallStatus", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": true, - "properties": { - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "id": { - "type": "string" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "integration": { - "type": "string" - }, - "internal": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "name": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "id" - ], - "type": "object" - }, - "type": "array" - }, - "response": { - "items": { - "additionalProperties": true, - "deprecated": true, - "properties": { - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "id": { - "type": "string" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "integration": { - "type": "string" - }, - "internal": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "name": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "id" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "post": { - "description": "Install package by upload", - "operationId": "post-fleet-epm-packages", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "ignoreMappingUpdateErrors", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "skipDataStreamRollover", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { - "schema": { - "format": "binary", - "type": "string" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_meta": { - "additionalProperties": false, - "properties": { - "install_source": { - "type": "string" - } - }, - "required": [ - "install_source" - ], - "type": "object" - }, - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items", - "_meta" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/gzip; application/zip; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/_bulk": { - "post": { - "description": "Bulk install packages", - "operationId": "post-fleet-epm-packages-bulk", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "force": { - "default": false, - "type": "boolean" - }, - "packages": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "prerelease": { - "type": "boolean" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - } - ] - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "packages" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "result": { - "additionalProperties": false, - "properties": { - "assets": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "error": {}, - "installSource": { - "type": "string" - }, - "installType": { - "type": "string" - }, - "status": { - "enum": [ - "installed", - "already_installed" - ], - "type": "string" - } - }, - "required": [ - "error", - "installType" - ], - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version", - "result" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "error": { - "anyOf": [ - { - "type": "string" - }, - {} - ] - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "name", - "statusCode", - "error" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "result": { - "additionalProperties": false, - "properties": { - "assets": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "error": {}, - "installSource": { - "type": "string" - }, - "installType": { - "type": "string" - }, - "status": { - "enum": [ - "installed", - "already_installed" - ], - "type": "string" - } - }, - "required": [ - "error", - "installType" - ], - "type": "object" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version", - "result" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "error": { - "anyOf": [ - { - "type": "string" - }, - {} - ] - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "name", - "statusCode", - "error" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/installed": { - "get": { - "description": "Get installed packages", - "operationId": "get-fleet-epm-packages-installed", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "dataStreamType", - "required": false, - "schema": { - "enum": [ - "logs", - "metrics", - "traces", - "synthetics", - "profiling" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "showOnlyActiveDataStreams", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "nameQuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "searchAfter", - "required": false, - "schema": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - }, - "type": "array" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "default": 15, - "type": "number" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "default": "asc", - "enum": [ - "asc", - "desc" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "dataStreams": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "title": { - "type": "string" - } - }, - "required": [ - "name", - "title" - ], - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version", - "status", - "dataStreams" - ], - "type": "object" - }, - "type": "array" - }, - "searchAfter": { - "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - }, - { - "type": "boolean" - }, - { - "enum": [], - "nullable": true - }, - {} - ] - }, - "type": "array" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/limited": { - "get": { - "description": "Get limited package list", - "operationId": "get-fleet-epm-packages-limited", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "type": "string" - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/stats": { - "get": { - "description": "Get package stats", - "operationId": "get-fleet-epm-packages-pkgname-stats", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "response": { - "additionalProperties": false, - "properties": { - "agent_policy_count": { - "type": "number" - } - }, - "required": [ - "agent_policy_count" - ], - "type": "object" - } - }, - "required": [ - "response" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/{pkgVersion}": { - "delete": { - "description": "Delete package", - "operationId": "delete-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "force", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - } - }, - "required": [ - "force" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "get": { - "description": "Get package", - "operationId": "get-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "ignoreUnverified", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "full", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "withMetadata", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - }, - "metadata": { - "additionalProperties": false, - "properties": { - "has_policies": { - "type": "boolean" - } - }, - "required": [ - "has_policies" - ], - "type": "object" - }, - "response": { - "additionalProperties": true, - "deprecated": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "post": { - "description": "Install package from registry", - "operationId": "post-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "ignoreMappingUpdateErrors", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "skipDataStreamRollover", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "default": false, - "type": "boolean" - }, - "ignore_constraints": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_meta": { - "additionalProperties": false, - "properties": { - "install_source": { - "type": "string" - } - }, - "required": [ - "install_source" - ], - "type": "object" - }, - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "response": { - "deprecated": true, - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - } - ] - }, - "type": "array" - } - }, - "required": [ - "items", - "_meta" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - }, - "put": { - "description": "Update package settings", - "operationId": "put-fleet-epm-packages-pkgname-pkgversion", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "keepPoliciesUpToDate": { - "type": "boolean" - } - }, - "required": [ - "keepPoliciesUpToDate" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - }, - "response": { - "additionalProperties": true, - "deprecated": true, - "properties": { - "agent": { - "additionalProperties": false, - "properties": { - "privileges": { - "additionalProperties": false, - "properties": { - "root": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "asset_tags": { - "items": { - "additionalProperties": false, - "properties": { - "asset_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "asset_types": { - "items": { - "type": "string" - }, - "type": "array" - }, - "text": { - "type": "string" - } - }, - "required": [ - "text" - ], - "type": "object" - }, - "type": "array" - }, - "assets": { - "additionalProperties": {}, - "type": "object" - }, - "categories": { - "items": { - "type": "string" - }, - "type": "array" - }, - "conditions": { - "additionalProperties": true, - "properties": { - "elastic": { - "additionalProperties": true, - "properties": { - "capabilities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "subscription": { - "type": "string" - } - }, - "type": "object" - }, - "kibana": { - "additionalProperties": true, - "properties": { - "version": { - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "data_streams": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "description": { - "type": "string" - }, - "discovery": { - "additionalProperties": true, - "properties": { - "fields": { - "items": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "download": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": {}, - "type": "object" - }, - "format_version": { - "type": "string" - }, - "icons": { - "items": { - "additionalProperties": true, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "installationInfo": { - "additionalProperties": true, - "properties": { - "additional_spaces_installed_kibana": { - "additionalProperties": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "type": "object" - }, - "created_at": { - "type": "string" - }, - "experimental_data_stream_features": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": true, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "install_format_schema_version": { - "type": "string" - }, - "install_source": { - "enum": [ - "registry", - "upload", - "bundled", - "custom" - ], - "type": "string" - }, - "install_status": { - "enum": [ - "installed", - "installing", - "install_failed" - ], - "type": "string" - }, - "installed_es": { - "items": { - "additionalProperties": true, - "properties": { - "deferred": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "type": { - "enum": [ - "index", - "index_template", - "component_template", - "ingest_pipeline", - "ilm_policy", - "data_stream_ilm_policy", - "transform", - "ml_model" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana": { - "items": { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - }, - "originId": { - "type": "string" - }, - "type": { - "enum": [ - "dashboard", - "lens", - "visualization", - "search", - "index-pattern", - "map", - "ml-module", - "security-rule", - "csp-rule-template", - "osquery-pack-asset", - "osquery-saved-query", - "tag" - ], - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "installed_kibana_space_id": { - "type": "string" - }, - "latest_executed_state": { - "additionalProperties": true, - "properties": { - "error": { - "type": "string" - }, - "name": { - "type": "string" - }, - "started_at": { - "type": "string" - } - }, - "required": [ - "name", - "started_at" - ], - "type": "object" - }, - "latest_install_failed_attempts": { - "items": { - "additionalProperties": true, - "properties": { - "created_at": { - "type": "string" - }, - "error": { - "additionalProperties": true, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "stack": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "target_version": { - "type": "string" - } - }, - "required": [ - "created_at", - "target_version", - "error" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "updated_at": { - "type": "string" - }, - "verification_key_id": { - "nullable": true, - "type": "string" - }, - "verification_status": { - "enum": [ - "unverified", - "verified", - "unknown" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "type", - "installed_kibana", - "installed_es", - "name", - "version", - "install_status", - "install_source", - "verification_status" - ], - "type": "object" - }, - "internal": { - "type": "boolean" - }, - "keepPoliciesUpToDate": { - "type": "boolean" - }, - "latestVersion": { - "type": "string" - }, - "license": { - "type": "string" - }, - "licensePath": { - "type": "string" - }, - "name": { - "type": "string" - }, - "notice": { - "type": "string" - }, - "owner": { - "additionalProperties": true, - "properties": { - "github": { - "type": "string" - }, - "type": { - "enum": [ - "elastic", - "partner", - "community" - ], - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "policy_templates": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "readme": { - "type": "string" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "savedObject": {}, - "screenshots": { - "items": { - "additionalProperties": false, - "properties": { - "dark_mode": { - "type": "boolean" - }, - "path": { - "type": "string" - }, - "size": { - "type": "string" - }, - "src": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "src" - ], - "type": "object" - }, - "type": "array" - }, - "signature_path": { - "type": "string" - }, - "source": { - "additionalProperties": true, - "properties": { - "license": { - "type": "string" - } - }, - "required": [ - "license" - ], - "type": "object" - }, - "status": { - "type": "string" - }, - "title": { - "type": "string" - }, - "type": { - "enum": [ - "integration", - "input", - "content" - ], - "type": "string" - }, - "vars": { - "items": { - "additionalProperties": {}, - "type": "object" - }, - "type": "array" - }, - "version": { - "type": "string" - } - }, - "required": [ - "savedObject", - "name", - "version", - "title", - "assets" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize": { - "post": { - "description": "Authorize transforms", - "operationId": "post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "transforms": { - "items": { - "additionalProperties": false, - "properties": { - "transformId": { - "type": "string" - } - }, - "required": [ - "transformId" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "transforms" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "error": { - "nullable": true - }, - "success": { - "type": "boolean" - }, - "transformId": { - "type": "string" - } - }, - "required": [ - "transformId", - "success", - "error" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}": { - "get": { - "description": "Get package file", - "operationId": "get-fleet-epm-packages-pkgname-pkgversion-filepath", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "filePath", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": {} - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/packages/{pkgkey}": { - "delete": { - "operationId": "delete-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - } - }, - "required": [ - "force" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - }, - "get": { - "operationId": "get-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "ignoreUnverified", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "full", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "withMetadata", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - }, - "post": { - "operationId": "post-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "ignoreMappingUpdateErrors", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - }, - { - "in": "query", - "name": "skipDataStreamRollover", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "force": { - "type": "boolean" - } - }, - "required": [ - "force" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - }, - "put": { - "operationId": "put-fleet-epm-packages-pkgkey", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "pkgkey", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "keepPoliciesUpToDate": { - "type": "boolean" - } - }, - "required": [ - "keepPoliciesUpToDate" - ], - "type": "object" - } - } - } - }, - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": { - "get": { - "description": "Get inputs template", - "operationId": "get-fleet-epm-templates-pkgname-pkgversion-inputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "pkgName", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "path", - "name": "pkgVersion", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "default": "json", - "enum": [ - "json", - "yml", - "yaml" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "prerelease", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "ignoreUnverified", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "type": "string" - }, - { - "additionalProperties": false, - "properties": { - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "dataset": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset" - ], - "type": "object" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "data_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - } - }, - "required": [ - "id", - "type" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "inputs" - ], - "type": "object" - } - ] - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/epm/verification_key_id": { - "get": { - "description": "Get a package signature verification key ID", - "operationId": "get-fleet-epm-verification-key-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Package Manager (EPM)" - ] - } - }, - "/api/fleet/fleet_server_hosts": { - "get": { - "description": "List Fleet Server hosts", - "operationId": "get-fleet-fleet-server-hosts", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - }, - "post": { - "description": "Create Fleet Server host", - "operationId": "post-fleet-fleet-server-hosts", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "name", - "host_urls" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - } - }, - "/api/fleet/fleet_server_hosts/{itemId}": { - "delete": { - "description": "Delete Fleet Server host by ID", - "operationId": "delete-fleet-fleet-server-hosts-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - }, - "get": { - "description": "Get Fleet Server host by ID", - "operationId": "get-fleet-fleet-server-hosts-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - }, - "put": { - "description": "Update Fleet Server host by ID", - "operationId": "put-fleet-fleet-server-hosts-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "is_default": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "proxy_id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "host_urls": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "name", - "host_urls" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet Server hosts" - ] - } - }, - "/api/fleet/health_check": { - "post": { - "description": "Check Fleet Server health", - "operationId": "post-fleet-health-check", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "format": "uri", - "type": "string" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "host": { - "deprecated": true, - "type": "string" - }, - "host_id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "status": { - "type": "string" - } - }, - "required": [ - "status" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/kubernetes": { - "get": { - "description": "Get full K8s agent manifest", - "operationId": "get-fleet-kubernetes", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "fleetServer", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "enrolToken", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "type": "string" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/kubernetes/download": { - "get": { - "operationId": "get-fleet-kubernetes-download", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "download", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "fleetServer", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "enrolToken", - "required": false, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "type": "string" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Elastic Agent policies" - ] - } - }, - "/api/fleet/logstash_api_keys": { - "post": { - "description": "Generate Logstash API key", - "operationId": "post-fleet-logstash-api-keys", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "api_key": { - "type": "string" - } - }, - "required": [ - "api_key" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/message_signing_service/rotate_key_pair": { - "post": { - "description": "Rotate fleet message signing key pair", - "operationId": "post-fleet-message-signing-service-rotate-key-pair", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "acknowledge", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "500": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Message Signing Service" - ] - } - }, - "/api/fleet/outputs": { - "get": { - "description": "List outputs", - "operationId": "get-fleet-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - }, - "post": { - "description": "Create output", - "operationId": "post-fleet-outputs", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": false, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": false, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": false, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/outputs/{outputId}": { - "delete": { - "description": "Delete output by ID", - "operationId": "delete-fleet-outputs-outputid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - }, - "get": { - "description": "Get output by ID", - "operationId": "get-fleet-outputs-outputid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - }, - "put": { - "description": "Update output by ID", - "operationId": "put-fleet-outputs-outputid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_default_monitoring": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_default_monitoring": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "type": "boolean" - }, - "is_default_monitoring": { - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": false, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": false, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": false, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": false, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": false, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": false, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": false, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": false, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "compression_level", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "preset": { - "enum": [ - "balanced", - "custom", - "throughput", - "scale", - "latency" - ], - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "service_token": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - }, - "service_token": { - "nullable": true, - "type": "string" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "remote_elasticsearch" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "type": { - "enum": [ - "logstash" - ], - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts" - ], - "type": "object" - }, - { - "additionalProperties": true, - "properties": { - "allow_edit": { - "items": { - "type": "string" - }, - "type": "array" - }, - "auth_type": { - "enum": [ - "none", - "user_pass", - "ssl", - "kerberos" - ], - "type": "string" - }, - "broker_timeout": { - "type": "number" - }, - "ca_sha256": { - "nullable": true, - "type": "string" - }, - "ca_trusted_fingerprint": { - "nullable": true, - "type": "string" - }, - "client_id": { - "type": "string" - }, - "compression": { - "enum": [ - "gzip", - "snappy", - "lz4", - "none" - ], - "type": "string" - }, - "compression_level": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "number" - }, - { - "not": {} - } - ] - }, - "config_yaml": { - "nullable": true, - "type": "string" - }, - "connection_type": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - "plaintext", - "encryption" - ], - "type": "string" - }, - { - "not": {} - } - ] - }, - "hash": { - "additionalProperties": true, - "properties": { - "hash": { - "type": "string" - }, - "random": { - "type": "boolean" - } - }, - "type": "object" - }, - "headers": { - "items": { - "additionalProperties": true, - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hosts": { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "id": { - "type": "string" - }, - "is_default": { - "default": false, - "type": "boolean" - }, - "is_default_monitoring": { - "default": false, - "type": "boolean" - }, - "is_internal": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - }, - "key": { - "type": "string" - }, - "name": { - "type": "string" - }, - "partition": { - "enum": [ - "random", - "round_robin", - "hash" - ], - "type": "string" - }, - "password": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "not": {} - }, - { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - } - ] - }, - "proxy_id": { - "nullable": true, - "type": "string" - }, - "random": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "required_acks": { - "enum": [ - 1, - 0, - -1 - ], - "type": "integer" - }, - "round_robin": { - "additionalProperties": true, - "properties": { - "group_events": { - "type": "number" - } - }, - "type": "object" - }, - "sasl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "mechanism": { - "enum": [ - "PLAIN", - "SCRAM-SHA-256", - "SCRAM-SHA-512" - ], - "type": "string" - } - }, - "type": "object" - }, - "secrets": { - "additionalProperties": true, - "properties": { - "password": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - }, - "ssl": { - "additionalProperties": true, - "properties": { - "key": { - "anyOf": [ - { - "additionalProperties": true, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - { - "type": "string" - } - ] - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "shipper": { - "additionalProperties": true, - "nullable": true, - "properties": { - "compression_level": { - "nullable": true, - "type": "number" - }, - "disk_queue_compression_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_enabled": { - "default": false, - "nullable": true, - "type": "boolean" - }, - "disk_queue_encryption_enabled": { - "nullable": true, - "type": "boolean" - }, - "disk_queue_max_size": { - "nullable": true, - "type": "number" - }, - "disk_queue_path": { - "nullable": true, - "type": "string" - }, - "loadbalance": { - "nullable": true, - "type": "boolean" - }, - "max_batch_bytes": { - "nullable": true, - "type": "number" - }, - "mem_queue_events": { - "nullable": true, - "type": "number" - }, - "queue_flush_timeout": { - "nullable": true, - "type": "number" - } - }, - "required": [ - "disk_queue_path", - "disk_queue_max_size", - "disk_queue_encryption_enabled", - "disk_queue_compression_enabled", - "compression_level", - "loadbalance", - "mem_queue_events", - "queue_flush_timeout", - "max_batch_bytes" - ], - "type": "object" - }, - "ssl": { - "additionalProperties": true, - "nullable": true, - "properties": { - "certificate": { - "type": "string" - }, - "certificate_authorities": { - "items": { - "type": "string" - }, - "type": "array" - }, - "key": { - "type": "string" - }, - "verification_mode": { - "enum": [ - "full", - "none", - "certificate", - "strict" - ], - "type": "string" - } - }, - "type": "object" - }, - "timeout": { - "type": "number" - }, - "topic": { - "type": "string" - }, - "topics": { - "items": { - "additionalProperties": true, - "properties": { - "topic": { - "type": "string" - }, - "when": { - "additionalProperties": true, - "properties": { - "condition": { - "type": "string" - }, - "type": { - "enum": [ - "equals", - "contains", - "regexp" - ], - "type": "string" - } - }, - "type": "object" - } - }, - "required": [ - "topic" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" - }, - "type": { - "enum": [ - "kafka" - ], - "type": "string" - }, - "username": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "type": "string" - }, - { - "not": {} - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "type", - "hosts", - "compression_level", - "auth_type", - "connection_type", - "username", - "password" - ], - "type": "object" - } - ] - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/outputs/{outputId}/health": { - "get": { - "description": "Get latest output health", - "operationId": "get-fleet-outputs-outputid-health", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "outputId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "description": "long message if unhealthy", - "type": "string" - }, - "state": { - "description": "state of output, HEALTHY or DEGRADED", - "type": "string" - }, - "timestamp": { - "description": "timestamp of reported state", - "type": "string" - } - }, - "required": [ - "state", - "message", - "timestamp" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet outputs" - ] - } - }, - "/api/fleet/package_policies": { - "get": { - "description": "List package policies", - "operationId": "get-fleet-package-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "type": "number" - } - }, - { - "in": "query", - "name": "sortField", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "sortOrder", - "required": false, - "schema": { - "enum": [ - "desc", - "asc" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "showUpgradeable", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "in": "query", - "name": "kuery", - "required": false, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - }, - { - "in": "query", - "name": "withAgentCount", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - }, - "post": { - "description": "Create package policy", - "operationId": "post-fleet-package-policies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "description": { - "description": "Package policy description", - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "force": { - "description": "Force package policy creation even if package is not verified, or if the agent policy is managed.", - "type": "boolean" - }, - "id": { - "description": "Package policy unique identifier", - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "inputs" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "force": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "package" - ], - "type": "object" - } - ], - "description": "You should use inputs as an object and not use the deprecated inputs array." - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "409": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/_bulk_get": { - "post": { - "description": "Bulk get package policies", - "operationId": "post-fleet-package-policies-bulk-get", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "ids": { - "description": "list of package policy ids", - "items": { - "type": "string" - }, - "type": "array" - }, - "ignoreMissing": { - "type": "boolean" - } - }, - "required": [ - "ids" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "items" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/delete": { - "post": { - "description": "Bulk delete package policies", - "operationId": "post-fleet-package-policies-delete", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "force": { - "type": "boolean" - }, - "packagePolicyIds": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "packagePolicyIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "body": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Use `policy_ids` instead", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "statusCode": { - "type": "number" - }, - "success": { - "type": "boolean" - } - }, - "required": [ - "id", - "success", - "policy_ids", - "package" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/upgrade": { - "post": { - "description": "Upgrade package policy to a newer package version", - "operationId": "post-fleet-package-policies-upgrade", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "packagePolicyIds": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "packagePolicyIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "body": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - }, - "success": { - "type": "boolean" - } - }, - "required": [ - "id", - "success" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/upgrade/dryrun": { - "post": { - "description": "Dry run package policy upgrade", - "operationId": "post-fleet-package-policies-upgrade-dryrun", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "packagePolicyIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "packageVersion": { - "type": "string" - } - }, - "required": [ - "packagePolicyIds" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "items": { - "additionalProperties": false, - "properties": { - "agent_diff": { - "items": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "namespace": { - "type": "string" - } - }, - "required": [ - "namespace" - ], - "type": "object" - }, - "id": { - "type": "string" - }, - "meta": { - "additionalProperties": true, - "properties": { - "package": { - "additionalProperties": true, - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - } - }, - "required": [ - "package" - ], - "type": "object" - }, - "name": { - "type": "string" - }, - "package_policy_id": { - "type": "string" - }, - "processors": { - "items": { - "additionalProperties": true, - "properties": { - "add_fields": { - "additionalProperties": true, - "properties": { - "fields": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "number" - } - ] - }, - "type": "object" - }, - "target": { - "type": "string" - } - }, - "required": [ - "target", - "fields" - ], - "type": "object" - } - }, - "required": [ - "add_fields" - ], - "type": "object" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "streams": { - "items": { - "additionalProperties": true, - "properties": { - "data_stream": { - "additionalProperties": true, - "properties": { - "dataset": { - "type": "string" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset" - ], - "type": "object" - }, - "id": { - "type": "string" - } - }, - "required": [ - "id", - "data_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "use_output": { - "type": "string" - } - }, - "required": [ - "id", - "name", - "revision", - "type", - "data_stream", - "use_output", - "package_policy_id" - ], - "type": "object" - }, - "type": "array" - }, - "type": "array" - }, - "body": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "diff": { - "items": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "description": { - "description": "Package policy description", - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "errors": { - "items": { - "additionalProperties": false, - "properties": { - "key": { - "type": "string" - }, - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "type": "array" - }, - "force": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "missingVars": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "enabled", - "inputs" - ], - "type": "object" - } - ] - }, - "type": "array" - }, - "hasErrors": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "hasErrors" - ], - "type": "object" - }, - "type": "array" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/package_policies/{packagePolicyId}": { - "delete": { - "description": "Delete package policy by ID", - "operationId": "delete-fleet-package-policies-packagepolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "packagePolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "force", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - }, - "get": { - "description": "Get package policy by ID", - "operationId": "get-fleet-package-policies-packagepolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "packagePolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - }, - "put": { - "description": "Update package policy by ID", - "operationId": "put-fleet-package-policies-packagepolicyid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "packagePolicyId", - "required": true, - "schema": { - "type": "string" - } - }, - { - "in": "query", - "name": "format", - "required": false, - "schema": { - "enum": [ - "simplified", - "legacy" - ], - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "additionalProperties": false, - "properties": { - "description": { - "description": "Package policy description", - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "force": { - "type": "boolean" - }, - "inputs": { - "items": { - "additionalProperties": false, - "properties": { - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled" - ], - "type": "object" - }, - "type": "array" - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - { - "additionalProperties": false, - "properties": { - "description": { - "type": "string" - }, - "force": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "type": "string" - }, - "type": "array" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "name", - "package" - ], - "type": "object" - } - ] - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "agents": { - "type": "number" - }, - "created_at": { - "type": "string" - }, - "created_by": { - "type": "string" - }, - "description": { - "description": "Package policy description", - "type": "string" - }, - "elasticsearch": { - "additionalProperties": true, - "properties": { - "privileges": { - "additionalProperties": true, - "properties": { - "cluster": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "inputs": { - "anyOf": [ - { - "items": { - "additionalProperties": false, - "properties": { - "compiled_input": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "policy_template": { - "type": "string" - }, - "streams": { - "items": { - "additionalProperties": false, - "properties": { - "compiled_stream": {}, - "config": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - "data_stream": { - "additionalProperties": false, - "properties": { - "dataset": { - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "dynamic_dataset": { - "type": "boolean" - }, - "dynamic_namespace": { - "type": "boolean" - }, - "privileges": { - "additionalProperties": false, - "properties": { - "indices": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": { - "type": "string" - } - }, - "required": [ - "dataset", - "type" - ], - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "keep_enabled": { - "type": "boolean" - }, - "release": { - "enum": [ - "ga", - "beta", - "experimental" - ], - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "enabled", - "data_stream", - "compiled_stream" - ], - "type": "object" - }, - "type": "array" - }, - "type": { - "type": "string" - }, - "vars": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - } - }, - "required": [ - "type", - "enabled", - "streams", - "compiled_input" - ], - "type": "object" - }, - "type": "array" - }, - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that input, (default to true)", - "type": "boolean" - }, - "streams": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "enabled": { - "description": "enable or disable that stream, (default to true)", - "type": "boolean" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Input streams (see integration documentation to know what streams are available)", - "type": "object" - }, - "vars": { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object" - } - }, - "type": "object" - }, - "description": "Package policy inputs (see integration documentation to know what inputs are available)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "is_managed": { - "type": "boolean" - }, - "name": { - "description": "Package policy name (should be unique)", - "type": "string" - }, - "namespace": { - "description": "The package policy namespace. Leave blank to inherit the agent policy's namespace.", - "type": "string" - }, - "output_id": { - "nullable": true, - "type": "string" - }, - "overrides": { - "additionalProperties": false, - "description": "Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.", - "nullable": true, - "properties": { - "inputs": { - "additionalProperties": {}, - "type": "object" - } - }, - "type": "object" - }, - "package": { - "additionalProperties": false, - "properties": { - "experimental_data_stream_features": { - "items": { - "additionalProperties": false, - "properties": { - "data_stream": { - "type": "string" - }, - "features": { - "additionalProperties": false, - "properties": { - "doc_value_only_numeric": { - "type": "boolean" - }, - "doc_value_only_other": { - "type": "boolean" - }, - "synthetic_source": { - "type": "boolean" - }, - "tsdb": { - "type": "boolean" - } - }, - "type": "object" - } - }, - "required": [ - "data_stream", - "features" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "description": "Package name", - "type": "string" - }, - "requires_root": { - "type": "boolean" - }, - "title": { - "type": "string" - }, - "version": { - "description": "Package version", - "type": "string" - } - }, - "required": [ - "name", - "version" - ], - "type": "object" - }, - "policy_id": { - "deprecated": true, - "description": "Agent policy ID where that package policy will be added", - "nullable": true, - "type": "string" - }, - "policy_ids": { - "items": { - "description": "Agent policy IDs where that package policy will be added", - "type": "string" - }, - "type": "array" - }, - "revision": { - "type": "number" - }, - "secret_references": { - "items": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" - }, - "spaceIds": { - "items": { - "type": "string" - }, - "type": "array" - }, - "updated_at": { - "type": "string" - }, - "updated_by": { - "type": "string" - }, - "vars": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "frozen": { - "type": "boolean" - }, - "type": { - "type": "string" - }, - "value": {} - }, - "required": [ - "value" - ], - "type": "object" - }, - "description": "Package variable (see integration documentation for more information)", - "type": "object" - }, - { - "additionalProperties": { - "anyOf": [ - { - "type": "boolean" - }, - { - "type": "string" - }, - { - "type": "number" - }, - { - "items": { - "type": "string" - }, - "type": "array" - }, - { - "items": { - "type": "number" - }, - "type": "array" - }, - { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - }, - "isSecretRef": { - "type": "boolean" - } - }, - "required": [ - "id", - "isSecretRef" - ], - "type": "object" - } - ], - "nullable": true - }, - "description": "Input/stream level variable (see integration documentation for more information)", - "type": "object", - "x-oas-optional": true - } - ] - }, - "version": { - "type": "string" - } - }, - "required": [ - "name", - "enabled", - "inputs", - "id", - "revision", - "updated_at", - "updated_by", - "created_at", - "created_by" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "403": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet package policies" - ] - } - }, - "/api/fleet/proxies": { - "get": { - "description": "List proxies", - "operationId": "get-fleet-proxies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - }, - "post": { - "description": "Create proxy", - "operationId": "post-fleet-proxies", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "url", - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - } - }, - "/api/fleet/proxies/{itemId}": { - "delete": { - "description": "Delete proxy by ID", - "operationId": "delete-fleet-proxies-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "id": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - }, - "get": { - "description": "Get proxy by ID", - "operationId": "get-fleet-proxies-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - }, - "put": { - "description": "Update proxy by ID", - "operationId": "put-fleet-proxies-itemid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "itemId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "proxy_headers", - "certificate_authorities", - "certificate", - "certificate_key" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "certificate": { - "nullable": true, - "type": "string" - }, - "certificate_authorities": { - "nullable": true, - "type": "string" - }, - "certificate_key": { - "nullable": true, - "type": "string" - }, - "id": { - "type": "string" - }, - "is_preconfigured": { - "default": false, - "type": "boolean" - }, - "name": { - "type": "string" - }, - "proxy_headers": { - "additionalProperties": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "boolean" - }, - { - "type": "number" - } - ] - }, - "nullable": true, - "type": "object" - }, - "url": { - "type": "string" - } - }, - "required": [ - "id", - "url", - "name" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet proxies" - ] - } - }, - "/api/fleet/service-tokens": { - "post": { - "description": "Create a service token", - "operationId": "post-fleet-service-tokens-2", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": {}, - "summary": "", - "tags": [] - } - }, - "/api/fleet/service_tokens": { - "post": { - "description": "Create a service token", - "operationId": "post-fleet-service-tokens", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "nullable": true, - "properties": { - "remote": { - "default": false, - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet service tokens" - ] - } - }, - "/api/fleet/settings": { - "get": { - "description": "Get settings", - "operationId": "get-fleet-settings", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "delete_unenrolled_agents": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - } - }, - "required": [ - "enabled", - "is_preconfigured" - ], - "type": "object" - }, - "fleet_server_hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "has_seen_add_data_notice": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "output_secret_storage_requirements_met": { - "type": "boolean" - }, - "preconfigured_fields": { - "items": { - "enum": [ - "fleet_server_hosts" - ], - "type": "string" - }, - "type": "array" - }, - "prerelease_integrations_enabled": { - "type": "boolean" - }, - "secret_storage_requirements_met": { - "type": "boolean" - }, - "use_space_awareness_migration_started_at": { - "type": "string" - }, - "use_space_awareness_migration_status": { - "enum": [ - "pending", - "success", - "error" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - }, - "put": { - "description": "Update settings", - "operationId": "put-fleet-settings", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "additional_yaml_config": { - "type": "string" - }, - "delete_unenrolled_agents": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - } - }, - "required": [ - "enabled", - "is_preconfigured" - ], - "type": "object" - }, - "fleet_server_hosts": { - "items": { - "format": "uri", - "type": "string" - }, - "type": "array" - }, - "has_seen_add_data_notice": { - "type": "boolean" - }, - "kibana_ca_sha256": { - "type": "string" - }, - "kibana_urls": { - "items": { - "format": "uri", - "type": "string" - }, - "type": "array" - }, - "prerelease_integrations_enabled": { - "type": "boolean" - } - }, - "type": "object" - } - } - } - }, - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "delete_unenrolled_agents": { - "additionalProperties": false, - "properties": { - "enabled": { - "type": "boolean" - }, - "is_preconfigured": { - "type": "boolean" - } - }, - "required": [ - "enabled", - "is_preconfigured" - ], - "type": "object" - }, - "fleet_server_hosts": { - "items": { - "type": "string" - }, - "type": "array" - }, - "has_seen_add_data_notice": { - "type": "boolean" - }, - "id": { - "type": "string" - }, - "output_secret_storage_requirements_met": { - "type": "boolean" - }, - "preconfigured_fields": { - "items": { - "enum": [ - "fleet_server_hosts" - ], - "type": "string" - }, - "type": "array" - }, - "prerelease_integrations_enabled": { - "type": "boolean" - }, - "secret_storage_requirements_met": { - "type": "boolean" - }, - "use_space_awareness_migration_started_at": { - "type": "string" - }, - "use_space_awareness_migration_status": { - "enum": [ - "pending", - "success", - "error" - ], - "type": "string" - }, - "version": { - "type": "string" - } - }, - "required": [ - "id" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "404": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/setup": { - "post": { - "description": "Initiate Fleet setup", - "operationId": "post-fleet-setup", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.", - "properties": { - "isInitialized": { - "type": "boolean" - }, - "nonFatalErrors": { - "items": { - "additionalProperties": false, - "properties": { - "message": { - "type": "string" - }, - "name": { - "type": "string" - } - }, - "required": [ - "name", - "message" - ], - "type": "object" - }, - "type": "array" - } - }, - "required": [ - "isInitialized", - "nonFatalErrors" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - }, - "500": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Internal Server Error", - "properties": { - "message": { - "type": "string" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet internals" - ] - } - }, - "/api/fleet/uninstall_tokens": { - "get": { - "description": "List metadata for latest uninstall tokens per agent policy", - "operationId": "get-fleet-uninstall-tokens", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "Partial match filtering for policy IDs", - "in": "query", - "name": "policyId", - "required": false, - "schema": { - "maxLength": 50, - "type": "string" - } - }, - { - "in": "query", - "name": "search", - "required": false, - "schema": { - "maxLength": 50, - "type": "string" - } - }, - { - "description": "The number of items to return", - "in": "query", - "name": "perPage", - "required": false, - "schema": { - "minimum": 5, - "type": "number" - } - }, - { - "in": "query", - "name": "page", - "required": false, - "schema": { - "minimum": 1, - "type": "number" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "items": { - "items": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_name": { - "nullable": true, - "type": "string" - } - }, - "required": [ - "id", - "policy_id", - "created_at" - ], - "type": "object" - }, - "type": "array" - }, - "page": { - "type": "number" - }, - "perPage": { - "type": "number" - }, - "total": { - "type": "number" - } - }, - "required": [ - "items", - "total", - "page", - "perPage" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet uninstall tokens" - ] - } - }, - "/api/fleet/uninstall_tokens/{uninstallTokenId}": { - "get": { - "description": "Get one decrypted uninstall token by its ID", - "operationId": "get-fleet-uninstall-tokens-uninstalltokenid", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "in": "path", - "name": "uninstallTokenId", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "item": { - "additionalProperties": false, - "properties": { - "created_at": { - "type": "string" - }, - "id": { - "type": "string" - }, - "namespaces": { - "items": { - "type": "string" - }, - "type": "array" - }, - "policy_id": { - "type": "string" - }, - "policy_name": { - "nullable": true, - "type": "string" - }, - "token": { - "type": "string" - } - }, - "required": [ - "id", - "policy_id", - "created_at", - "token" - ], - "type": "object" - } - }, - "required": [ - "item" - ], - "type": "object" - } - } - } - }, - "400": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "description": "Generic Error", - "properties": { - "error": { - "type": "string" - }, - "message": { - "type": "string" - }, - "statusCode": { - "type": "number" - } - }, - "required": [ - "message" - ], - "type": "object" - } - } - } - } - }, - "summary": "", - "tags": [ - "Fleet uninstall tokens" - ] - } - }, - "/api/security/role": { - "get": { - "operationId": "get-security-role", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.", - "in": "query", - "name": "replaceDeprecatedPrivileges", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Get all roles", - "tags": [ - "roles" - ] - } - }, - "/api/security/role/{name}": { - "delete": { - "operationId": "delete-security-role-name", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "in": "path", - "name": "name", - "required": true, - "schema": { - "minLength": 1, - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Delete a role", - "tags": [ - "roles" - ] - }, - "get": { - "operationId": "get-security-role-name", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The role name.", - "in": "path", - "name": "name", - "required": true, - "schema": { - "minLength": 1, - "type": "string" - } - }, - { - "description": "If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.", - "in": "query", - "name": "replaceDeprecatedPrivileges", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Get a role", - "tags": [ - "roles" - ] - }, - "put": { - "description": "Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.", - "operationId": "put-security-role-name", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The role name.", - "in": "path", - "name": "name", - "required": true, - "schema": { - "maxLength": 1024, - "minLength": 1, - "type": "string" - } - }, - { - "description": "When true, a role is not overwritten if it already exists.", - "in": "query", - "name": "createOnly", - "required": false, - "schema": { - "default": false, - "type": "boolean" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "description": { - "description": "A description for the role.", - "maxLength": 2048, - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "cluster": { - "items": { - "description": "Cluster privileges that define the cluster level actions that users can perform.", - "type": "string" - }, - "type": "array" - }, - "indices": { - "items": { - "additionalProperties": false, - "properties": { - "allow_restricted_indices": { - "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.", - "type": "boolean" - }, - "field_security": { - "additionalProperties": { - "items": { - "description": "The document fields that the role members have read access to.", - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "names": { - "items": { - "description": "The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "privileges": { - "items": { - "description": "The index level privileges that the role members have for the data streams and indices.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "query": { - "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.", - "type": "string" - } - }, - "required": [ - "names", - "privileges" - ], - "type": "object" - }, - "type": "array" - }, - "remote_cluster": { - "items": { - "additionalProperties": false, - "properties": { - "clusters": { - "items": { - "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "privileges": { - "items": { - "description": "The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.", - "type": "string" - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "privileges", - "clusters" - ], - "type": "object" - }, - "type": "array" - }, - "remote_indices": { - "items": { - "additionalProperties": false, - "properties": { - "allow_restricted_indices": { - "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.", - "type": "boolean" - }, - "clusters": { - "items": { - "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "field_security": { - "additionalProperties": { - "items": { - "description": "The document fields that the role members have read access to.", - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "names": { - "items": { - "description": "A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "privileges": { - "items": { - "description": "The index level privileges that role members have for the specified indices.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "query": { - "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ", - "type": "string" - } - }, - "required": [ - "clusters", - "names", - "privileges" - ], - "type": "object" - }, - "type": "array" - }, - "run_as": { - "items": { - "description": "A user name that the role member can impersonate.", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "kibana": { - "items": { - "additionalProperties": false, - "properties": { - "base": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "items": { - "description": "A base privilege that grants applies to all spaces.", - "type": "string" - }, - "type": "array" - }, - { - "items": { - "description": "A base privilege that applies to specific spaces.", - "type": "string" - }, - "type": "array" - } - ] - }, - "feature": { - "additionalProperties": { - "items": { - "description": "The privileges that the role member has for the feature.", - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "spaces": { - "anyOf": [ - { - "items": { - "enum": [ - "*" - ], - "type": "string" - }, - "maxItems": 1, - "minItems": 1, - "type": "array" - }, - { - "items": { - "description": "A space that the privilege applies to.", - "type": "string" - }, - "type": "array" - } - ], - "default": [ - "*" - ] - } - }, - "required": [ - "base" - ], - "type": "object" - }, - "type": "array" - }, - "metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "elasticsearch" - ], - "type": "object" - } - } - } - }, - "responses": { - "204": { - "description": "Indicates a successful call." - } - }, - "summary": "Create or update a role", - "tags": [ - "roles" - ] - } - }, - "/api/security/roles": { - "post": { - "operationId": "post-security-roles", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "roles": { - "additionalProperties": { - "additionalProperties": false, - "properties": { - "description": { - "description": "A description for the role.", - "maxLength": 2048, - "type": "string" - }, - "elasticsearch": { - "additionalProperties": false, - "properties": { - "cluster": { - "items": { - "description": "Cluster privileges that define the cluster level actions that users can perform.", - "type": "string" - }, - "type": "array" - }, - "indices": { - "items": { - "additionalProperties": false, - "properties": { - "allow_restricted_indices": { - "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.", - "type": "boolean" - }, - "field_security": { - "additionalProperties": { - "items": { - "description": "The document fields that the role members have read access to.", - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "names": { - "items": { - "description": "The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "privileges": { - "items": { - "description": "The index level privileges that the role members have for the data streams and indices.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "query": { - "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.", - "type": "string" - } - }, - "required": [ - "names", - "privileges" - ], - "type": "object" - }, - "type": "array" - }, - "remote_cluster": { - "items": { - "additionalProperties": false, - "properties": { - "clusters": { - "items": { - "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "privileges": { - "items": { - "description": "The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.", - "type": "string" - }, - "minItems": 1, - "type": "array" - } - }, - "required": [ - "privileges", - "clusters" - ], - "type": "object" - }, - "type": "array" - }, - "remote_indices": { - "items": { - "additionalProperties": false, - "properties": { - "allow_restricted_indices": { - "description": "Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.", - "type": "boolean" - }, - "clusters": { - "items": { - "description": "A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "field_security": { - "additionalProperties": { - "items": { - "description": "The document fields that the role members have read access to.", - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "names": { - "items": { - "description": "A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "privileges": { - "items": { - "description": "The index level privileges that role members have for the specified indices.", - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - "query": { - "description": "A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ", - "type": "string" - } - }, - "required": [ - "clusters", - "names", - "privileges" - ], - "type": "object" - }, - "type": "array" - }, - "run_as": { - "items": { - "description": "A user name that the role member can impersonate.", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "kibana": { - "items": { - "additionalProperties": false, - "properties": { - "base": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "items": { - "description": "A base privilege that grants applies to all spaces.", - "type": "string" - }, - "type": "array" - }, - { - "items": { - "description": "A base privilege that applies to specific spaces.", - "type": "string" - }, - "type": "array" - } - ] - }, - "feature": { - "additionalProperties": { - "items": { - "description": "The privileges that the role member has for the feature.", - "type": "string" - }, - "type": "array" - }, - "type": "object" - }, - "spaces": { - "anyOf": [ - { - "items": { - "enum": [ - "*" - ], - "type": "string" - }, - "maxItems": 1, - "minItems": 1, - "type": "array" - }, - { - "items": { - "description": "A space that the privilege applies to.", - "type": "string" - }, - "type": "array" - } - ], - "default": [ - "*" - ] - } - }, - "required": [ - "base" - ], - "type": "object" - }, - "type": "array" - }, - "metadata": { - "additionalProperties": {}, - "type": "object" - } - }, - "required": [ - "elasticsearch" - ], - "type": "object" - }, - "type": "object" - } - }, - "required": [ - "roles" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Create or update roles", - "tags": [ - "roles" - ] - } - }, - "/api/spaces/space": { - "get": { - "operationId": "get-spaces-space", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "Specifies which authorization checks are applied to the API call. The default value is `any`.", - "in": "query", - "name": "purpose", - "required": false, - "schema": { - "enum": [ - "any", - "copySavedObjectsIntoSpace", - "shareSavedObjectsIntoSpace" - ], - "type": "string" - } - }, - { - "description": "When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter.", - "in": "query", - "name": "include_authorized_purposes", - "required": true, - "schema": { - "anyOf": [ - { - "items": {}, - "type": "array" - }, - { - "type": "boolean" - }, - { - "type": "number" - }, - { - "type": "object" - }, - { - "type": "string" - } - ], - "nullable": true, - "oneOf": [ - { - "enum": [ - false - ], - "type": "boolean", - "x-oas-optional": true - }, - { - "type": "boolean", - "x-oas-optional": true - } - ] - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Get all spaces", - "tags": [ - "spaces" - ] - }, - "post": { - "operationId": "post-spaces-space", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "description": "The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.", - "type": "string" - }, - "description": { - "description": "A description for the space.", - "type": "string" - }, - "disabledFeatures": { - "default": [], - "items": { - "description": "The list of features that are turned off in the space.", - "type": "string" - }, - "type": "array" - }, - "id": { - "description": "The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.", - "type": "string" - }, - "imageUrl": { - "description": "The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.", - "type": "string" - }, - "initials": { - "description": "One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.", - "maxLength": 2, - "type": "string" - }, - "name": { - "description": "The display name for the space. ", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Create a space", - "tags": [ - "spaces" - ] - } - }, - "/api/spaces/space/{id}": { - "delete": { - "description": "When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.", - "operationId": "delete-spaces-space-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The space identifier.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "description": "Indicates a successful call." - }, - "404": { - "description": "Indicates that the request failed." - } - }, - "summary": "Delete a space", - "tags": [ - "spaces" - ] - }, - "get": { - "operationId": "get-spaces-space-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "The space identifier.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Get a space", - "tags": [ - "spaces" - ] - }, - "put": { - "operationId": "put-spaces-space-id", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "A required header to protect against CSRF attacks", - "in": "header", - "name": "kbn-xsrf", - "required": true, - "schema": { - "example": "true", - "type": "string" - } - }, - { - "description": "The space identifier. You are unable to change the ID with the update operation.", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "requestBody": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "additionalProperties": false, - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "description": "The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.", - "type": "string" - }, - "description": { - "description": "A description for the space.", - "type": "string" - }, - "disabledFeatures": { - "default": [], - "items": { - "description": "The list of features that are turned off in the space.", - "type": "string" - }, - "type": "array" - }, - "id": { - "description": "The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.", - "type": "string" - }, - "imageUrl": { - "description": "The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.", - "type": "string" - }, - "initials": { - "description": "One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.", - "maxLength": 2, - "type": "string" - }, - "name": { - "description": "The display name for the space. ", - "minLength": 1, - "type": "string" - } - }, - "required": [ - "id", - "name" - ], - "type": "object" - } - } - } - }, - "responses": { - "200": { - "description": "Indicates a successful call." - } - }, - "summary": "Update a space", - "tags": [ - "spaces" - ] - } - }, - "/api/status": { - "get": { - "operationId": "get-status", - "parameters": [ - { - "description": "The version of the API to use", - "in": "header", - "name": "elastic-api-version", - "schema": { - "default": "2023-10-31", - "enum": [ - "2023-10-31" - ], - "type": "string" - } - }, - { - "description": "Set to \"true\" to get the response in v7 format.", - "in": "query", - "name": "v7format", - "required": false, - "schema": { - "type": "boolean" - } - }, - { - "description": "Set to \"true\" to get the response in v8 format.", - "in": "query", - "name": "v8format", - "required": false, - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/core_status_response" - }, - { - "$ref": "#/components/schemas/core_status_redactedResponse" - } - ], - "description": "Kibana's operational status. A minimal response is sent for unauthorized users." - } - } - }, - "description": "Overall status is OK and Kibana should be functioning normally." - }, - "503": { - "content": { - "application/json; Elastic-Api-Version=2023-10-31": { - "schema": { - "anyOf": [ - { - "$ref": "#/components/schemas/core_status_response" - }, - { - "$ref": "#/components/schemas/core_status_redactedResponse" - } - ], - "description": "Kibana's operational status. A minimal response is sent for unauthorized users." - } - } - }, - "description": "Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable." - } - }, - "summary": "Get Kibana's current status", - "tags": [ - "system" - ] - } - } - }, - "security": [ - { - "basicAuth": [] - } - ], - "servers": [ - { - "url": "http://localhost:5622" - } - ], - "tags": [ - { - "name": "alerting" - }, - { - "name": "connectors" - }, - { - "name": "Data streams" - }, - { - "name": "Elastic Agent actions" - }, - { - "name": "Elastic Agent binary download sources" - }, - { - "name": "Elastic Agent policies" - }, - { - "name": "Elastic Agent status" - }, - { - "name": "Elastic Agents" - }, - { - "name": "Elastic Package Manager (EPM)" - }, - { - "name": "Fleet enrollment API keys" - }, - { - "name": "Fleet internals" - }, - { - "name": "Fleet outputs" - }, - { - "name": "Fleet package policies" - }, - { - "name": "Fleet proxies" - }, - { - "name": "Fleet Server hosts" - }, - { - "name": "Fleet service tokens" - }, - { - "name": "Fleet uninstall tokens" - }, - { - "name": "Message Signing Service" - }, - { - "name": "roles" - }, - { - "name": "spaces" - }, - { - "name": "system" - } - ] -} \ No newline at end of file diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 33fc4e7dca56a..d5dc0dd30e8b8 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -61,266 +61,77 @@ info: version: 1.0.2 x-doc-license: name: Attribution-NonCommercial-NoDerivatives 4.0 International - url: https://creativecommons.org/licenses/by-nc-nd/4.0/ + url: 'https://creativecommons.org/licenses/by-nc-nd/4.0/' x-feedbackLink: label: Feedback url: >- https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ servers: - - url: http://{kibana_host}:{port} + - url: 'http://{kibana_host}:{port}' variables: kibana_host: default: localhost port: default: '5601' - - url: http://localhost:5622 - - url: https://{kibana_url} + - url: 'https://{kibana_url}' variables: kibana_url: - default: localhost:5601 + default: 'localhost:5601' - url: / + - url: 'http://KIBANA_HOST:5601' - description: local - url: http://localhost:5601 + url: 'http://localhost:5601' paths: - /api/actions/connector_types: - get: - description: You do not need any Kibana feature privileges to run this API. - operationId: get-actions-connector-types - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - required: false - schema: - type: string - responses: {} - summary: Get connector types - tags: - - connectors - /api/actions/connector/{id}: - delete: - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: delete-actions-connector-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - operationId: get-actions-connector-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors + /api/apm/agent_keys: post: - operationId: post-actions-connector-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: false - schema: - type: string + description: Create a new agent key for APM. + operationId: createAgentKey requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - config: - additionalProperties: {} - default: {} - type: object - connector_type_id: - description: The type of connector. - type: string name: - description: The display name for the connector. type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - connector_type_id + privileges: + items: + enum: + - 'event:write' + - 'config_agent:read' + type: string + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. + api_key: type: string + encoded: + type: string + expiration: + format: int64 + type: integer id: - description: The identifier for the connector. type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean name: - description: ' The name of the rule.' type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector + description: Agent key created successfully + summary: Create an APM agent key tags: - - connectors - put: - operationId: put-actions-connector-id + - APM agent keys + '/api/apm/services/{serviceName}/annotation': + post: + description: Create a new annotation for a specific service. + operationId: createAnnotation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. + - description: The name of the service in: path - name: id + name: serviceName required: true schema: type: string @@ -328,4484 +139,791 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. + '@timestamp': + type: string + message: type: string - secrets: - additionalProperties: {} - default: {} + service: type: object - required: - - name + properties: + environment: + type: string + version: + type: string + tags: + items: + type: string + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. + _id: type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' + _index: type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector + _source: + type: object + properties: + '@timestamp': + type: string + annotation: + type: string + event: + type: object + properties: + created: + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + tags: + items: + type: string + type: array + description: Annotation created successfully + summary: Create a service annotation tags: - - connectors - /api/actions/connector/{id}/_execute: - post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. - operationId: post-actions-connector-id-execute + - APM annotations + '/api/apm/services/{serviceName}/annotation/search': + get: + description: Search for annotations related to a specific service. + operationId: getAnnotation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The name of the service + in: path + name: serviceName + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - description: The environment to filter annotations by + in: query + name: environment + required: false schema: - example: 'true' type: string - - description: An identifier for the connector. - in: path - name: id - required: true + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false schema: type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. - type: boolean - is_system_action: - description: >- - Indicates whether the connector is used for system - actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Run a connector - tags: - - connectors - /api/actions/connectors: - get: - operationId: get-actions-connectors - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: {} - summary: Get all connectors - tags: - - connectors - /api/alerting/rule/{id}: - delete: - operationId: delete-alerting-rule-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Delete a rule + annotations: + items: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + type: array + description: Successful response + summary: Search for annotations tags: - - alerting - get: - operationId: get-alerting-rule-id + - APM annotations + /api/asset_criticality: + delete: + description: Delete the asset criticality record for a specific asset if it exists. + operationId: DeleteAssetCriticalityRecord parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The ID value of the asset. + in: query + name: id_value + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: The identifier for the rule. - in: path - name: id + - description: The field representing the ID. + example: host.name + in: query + name: id_field required: true schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + - description: If 'wait_for' the request will wait for the index refresh. + in: query + name: refresh + required: false + schema: + enum: + - wait_for type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: + deleted: description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true + True if the record was deleted or false if the record did + not exist. type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - nullable: true - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string + record: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: The deleted record if it existed. required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. + - deleted + description: Successful response '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Get rule details + description: Invalid request + summary: Delete Criticality Record tags: - - alerting - post: - operationId: post-alerting-rule-id + - Security Entity Analytics API + get: + description: Get the criticality record for a specific asset. + operationId: GetAssetCriticalityRecord parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - description: The ID value of the asset. + in: query + name: id_value required: true schema: - example: 'true' type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. - in: path - name: id - required: false + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true schema: - type: string + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + '404': + description: Criticality record not found + summary: Get Criticality Record + tags: + - Security Entity Analytics API + post: + description: Create or update a criticality record for a specific asset. + operationId: CreateAssetCriticalityRecord requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. - type: string - enabled: - default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - rule_type_id: - description: The rule type identifier. - type: string - schedule: - additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. - type: object + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - type: object properties: - interval: + refresh: description: >- - The interval is specified in seconds, minutes, hours, or - days. + If 'wait_for' the request will wait for the index + refresh. + enum: + - wait_for type: string - required: - - interval - tags: - default: [] - description: The tags for the rule. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + summary: Upsert Criticality Record + tags: + - Security Entity Analytics API + /api/asset_criticality/bulk: + post: + description: >- + Bulk upsert up to 1000 asset criticality records, creating or updating + them as needed. + operationId: BulkUpsertAssetCriticalityRecords + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + example: + records: + - criticality_level: low_impact + id_field: host.name + id_value: host-1 + - criticality_level: medium_impact + id_field: host.name + id_value: host-2 + type: object + properties: + records: items: - type: string + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + maxItems: 1000 + minItems: 1 type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string required: - - name - - rule_type_id - - consumer - - schedule + - records responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false + example: + errors: + - index: 0 + message: Invalid ID field + stats: + failed: 1 + successful: 1 + total: 2 + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + type: array + stats: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + required: + - errors + - stats + description: Bulk upload successful + '413': + description: File too large + summary: Bulk Upsert Asset Criticality Records + tags: + - Security Entity Analytics API + /api/asset_criticality/list: + get: + description: 'List asset criticality records, paging, sorting and filtering as needed.' + operationId: FindAssetCriticalityRecords + parameters: + - description: The field to sort by. + in: query + name: sort_field + required: false + schema: + enum: + - id_value + - id_field + - criticality_level + - \@timestamp + type: string + - description: The order to sort by. + in: query + name: sort_direction + required: false + schema: + enum: + - asc + - desc + type: string + - description: The page number to return. + in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - description: The number of records to return per page. + in: query + name: per_page + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: The kuery to filter by. + in: query + name: kuery + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + description: Bulk upload successful + summary: List Asset Criticality Records + tags: + - Security Entity Analytics API + /api/data_views: + get: + operationId: getAllDataViewsDefault + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' + schema: type: object properties: - actions: + data_view: items: - additionalProperties: false type: object properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + id: type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + name: type: string - id: - description: The identifier for the connector saved object. + namespaces: + items: + type: string + type: array + title: type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + typeMeta: type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - nullable: true - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision description: Indicates a successful call. '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '409': - description: Indicates that the rule id is already in use. - summary: Create a rule + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views tags: - - alerting - put: - operationId: put-alerting-rule-id + - data views + /api/data_views/data_view: + post: + operationId: createDataViewDefaultw parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' schema: - additionalProperties: false - type: object - properties: - actions: - default: [] - items: - additionalProperties: false - description: An action that runs under defined conditions. - type: object - properties: - alerts_filter: - additionalProperties: false - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. - type: string - required: - - days - - hours - - timezone - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: A universally unique identifier (UUID) for the action. - type: string - required: - - id - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. - type: string - required: - - interval - tags: - default: [] - items: - description: The tags for the rule. - type: string - type: array - throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - nullable: true - type: string - required: - - name - - schedule + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false - type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - nullable: true - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule - type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision - description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update a rule - tags: - - alerting - /api/alerting/rule/{id}/_disable: - post: - operationId: post-alerting-rule-id-disable - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - untrack: - description: Defines whether this rule's alerts should be untracked. - type: boolean - x-oas-optional: true - responses: - '204': + $ref: '#/components/schemas/Data_views_data_view_response_object' description: Indicates a successful call. '400': - description: Indicates an invalid schema. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Disable a rule + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create a data view tags: - - alerting - /api/alerting/rule/{id}/_enable: - post: - operationId: post-alerting-rule-id-enable + - data views + '/api/data_views/data_view/{viewId}': + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. + operationId: deleteDataViewDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' responses: '204': description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. '404': - description: Indicates a rule with the given ID does not exist. - summary: Enable a rule + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view tags: - - alerting - /api/alerting/rule/{id}/_mute_all: - post: - operationId: post-alerting-rule-id-mute-all + - data views + get: + operationId: getDataViewDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_view_id' responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. '404': - description: Indicates a rule with the given ID does not exist. - summary: Mute all alerts + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view tags: - - alerting - /api/alerting/rule/{id}/_unmute_all: + - data views post: - operationId: post-alerting-rule-id-unmute-all + operationId: updateDataViewDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_update_data_view_request_object' + required: true responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' description: Indicates a successful call. '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - summary: Unmute all alerts + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a data view tags: - - alerting - /api/alerting/rule/{id}/_update_api_key: + - data views + '/api/data_views/data_view/{viewId}/fields': post: - operationId: post-alerting-rule-id-update-api-key + description: > + Update fields presentation metadata such as count, customLabel, + customDescription, and format. + operationId: updateFieldsMetadataDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' + schema: + type: object + properties: + fields: + description: The field object. + type: object + required: + - fields + required: true responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean description: Indicates a successful call. '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule with the given ID does not exist. - '409': - description: Indicates that the rule has already been updated by another user. - summary: Update the API key for a rule + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update data view fields metadata tags: - - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: + - data views + '/api/data_views/data_view/{viewId}/runtime_field': post: - operationId: post-alerting-rule-rule-id-alert-alert-id-mute + operationId: createRuntimeFieldDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. - in: path - name: alert_id - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Mute an alert + summary: Create a runtime field tags: - - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: - post: - operationId: post-alerting-rule-rule-id-alert-alert-id-unmute + - data views + put: + operationId: createUpdateRuntimeFieldDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The identifier for the rule. - in: path - name: rule_id - required: true - schema: - type: string - - description: The identifier for the alert. + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. in: path - name: alert_id + name: viewId required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true responses: - '204': + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array description: Indicates a successful call. '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create or update a runtime field + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': + delete: + operationId: deleteRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. '404': - description: Indicates a rule or alert with the given ID does not exist. - summary: Unmute an alert + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a runtime field from a data view tags: - - alerting - /api/alerting/rules/_find: + - data views get: - operationId: get-alerting-rules-find + operationId: getRuntimeFieldDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The number of rules to return per page. - in: query - name: per_page - required: false - schema: - default: 10 - minimum: 0 - type: number - - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. - in: query - name: search - required: false - schema: - type: string - - description: The default operator to use for the simple_query_string. - in: query - name: default_search_operator - required: false - schema: - default: OR - enum: - - OR - - AND - type: string - - description: The fields to perform the simple_query_string parsed query against. - in: query - name: search_fields - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order. - in: query - name: sort_order - required: false - schema: - enum: - - asc - - desc - type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. - in: query - name: has_reference - required: false - schema: - additionalProperties: false - nullable: true - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - - in: query - name: fields - required: false - schema: - items: - description: The fields to return in the `attributes` key of the response. - type: string - type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - required: false - schema: - type: string - - in: query - name: filter_consumers - required: false - schema: - items: - description: List of consumers to filter. - type: string - type: array + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - additionalProperties: false type: object properties: - actions: - items: - additionalProperties: false - type: object - properties: - alerts_filter: - additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. - type: object - properties: - query: - additionalProperties: false - type: object - properties: - dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). - type: string - filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. - items: - additionalProperties: false - type: object - properties: - $state: - additionalProperties: false - type: object - properties: - store: - description: >- - A filter can be either specific to an - application context or applied globally. - enum: - - appState - - globalState - type: string - required: - - store - meta: - additionalProperties: {} - type: object - query: - additionalProperties: {} - type: object - required: - - meta - type: array - kql: - description: >- - A filter written in Kibana Query Language - (KQL). - type: string - required: - - kql - - filters - timeframe: - additionalProperties: false - type: object - properties: - days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. - items: - enum: - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - type: integer - type: array - hours: - additionalProperties: false - type: object - properties: - end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). - type: string - start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). - type: string - required: - - start - - end - timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. - type: string - required: - - days - - hours - - timezone - connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. - type: string - frequency: - additionalProperties: false - type: object - properties: - notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - summary: - description: Indicates whether the action is a summary. - type: boolean - throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. - nullable: true - type: string - required: - - summary - - notify_when - - throttle - group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. - type: string - id: - description: The identifier for the connector saved object. - type: string - params: - additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. - type: object - use_alert_data_for_template: - description: Indicates whether to use alert data as a template. - type: boolean - uuid: - description: >- - A universally unique identifier (UUID) for the - action. - type: string - required: - - id - - connector_type_id - - params - type: array - active_snoozes: - items: - description: List of active snoozes for the rule. - type: string - type: array - alert_delay: - additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. - type: object - properties: - active: - description: >- - The number of consecutive runs that must meet the rule - conditions. - type: number - required: - - active - api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. - nullable: true - type: boolean - api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. - nullable: true - type: string - consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - type: string - created_at: - description: The date and time that the rule was created. - type: string - created_by: - description: The identifier for the user that created the rule. - nullable: true - type: string - enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. - type: boolean - execution_status: - additionalProperties: false - type: object - properties: - error: - additionalProperties: false - type: object - properties: - message: - description: Error message. - type: string - reason: - description: Reason for error. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - type: string - required: - - reason - - message - last_duration: - description: Duration of last execution of the rule. - type: number - last_execution_date: - description: The date and time when rule was executed last. - type: string - status: - description: Status of rule execution. - enum: - - ok - - active - - error - - warning - - pending - - unknown - type: string - warning: - additionalProperties: false - type: object - properties: - message: - description: Warning message. - type: string - reason: - description: Reason for warning. - enum: - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - type: string - required: - - reason - - message - required: - - status - - last_execution_date - flapping: - additionalProperties: false - nullable: true - type: object - properties: - look_back_window: - maximum: 20 - minimum: 2 - type: number - status_change_threshold: - maximum: 20 - minimum: 2 - type: number - required: - - look_back_window - - status_change_threshold - id: - description: The identifier for the rule. - type: string - is_snoozed_until: - description: The date when the rule will no longer be snoozed. - nullable: true - type: string - last_run: - additionalProperties: false - nullable: true - type: object - properties: - alerts_count: - additionalProperties: false - type: object - properties: - active: - description: Number of active alerts during last run. - nullable: true - type: number - ignored: - description: Number of ignored alerts during last run. - nullable: true - type: number - new: - description: Number of new alerts during last run. - nullable: true - type: number - recovered: - description: Number of recovered alerts during last run. - nullable: true - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - outcome_msg: - items: - description: Outcome message generated during last rule run. - type: string - nullable: true - type: array - outcome_order: - description: Order of the outcome. - type: number - warning: - description: Warning of last rule execution. - enum: - - read - - decrypt - - execute - - unknown - - license - - timeout - - disabled - - validate - - maxExecutableActions - - maxAlerts - - maxQueuedActions - - ruleExecution - nullable: true - type: string - required: - - outcome - - alerts_count - mapped_params: - additionalProperties: {} - type: object - monitoring: - additionalProperties: false - description: Monitoring details of the rule. - type: object - properties: - run: - additionalProperties: false - description: Rule run details. - type: object - properties: - calculated_metrics: - additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. - type: object - properties: - p50: - type: number - p95: - type: number - p99: - type: number - success_ratio: - type: number - required: - - success_ratio - history: - description: History of the rule run. - items: - additionalProperties: false - type: object - properties: - duration: - description: Duration of the rule run. - type: number - outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string - success: - description: >- - Indicates whether the rule run was - successful. - type: boolean - timestamp: - description: Time of rule run. - type: number - required: - - success - - timestamp - type: array - last_run: - additionalProperties: false - type: object - properties: - metrics: - additionalProperties: false - type: object - properties: - duration: - description: Duration of most recent rule run. - type: number - gap_duration_s: - description: Duration in seconds of rule run gap. - nullable: true - type: number - total_alerts_created: - description: >- - Total number of alerts created during last - rule run. - nullable: true - type: number - total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. - nullable: true - type: number - total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. - nullable: true - type: number - total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. - nullable: true - type: number - timestamp: - description: Time of the most recent rule run. - type: string - required: - - timestamp - - metrics - required: - - history - - calculated_metrics - - last_run - required: - - run - mute_all: - description: Indicates whether all alerts are muted. - type: boolean - muted_alert_ids: - items: - description: 'List of identifiers of muted alerts. ' - type: string - type: array - name: - description: ' The name of the rule.' - type: string - next_run: - description: Date and time of the next run of the rule. - nullable: true - type: string - notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - nullable: true - type: string - params: - additionalProperties: {} - description: The parameters for the rule. - type: object - revision: - description: The rule revision number. - type: number - rule_type_id: - description: The rule type identifier. - type: string - running: - description: Indicates whether the rule is running. - nullable: true - type: boolean - schedule: - additionalProperties: false + data_view: type: object - properties: - interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. - type: string - required: - - interval - scheduled_task_id: - description: Identifier of the scheduled task. - type: string - snooze_schedule: + fields: items: - additionalProperties: false type: object - properties: - duration: - description: Duration of the rule snooze schedule. - type: number - id: - description: Identifier of the rule snooze schedule. - type: string - rRule: - additionalProperties: false - type: object - properties: - byhour: - items: - description: Indicates hours of the day to recur. - type: number - nullable: true - type: array - byminute: - items: - description: Indicates minutes of the hour to recur. - type: number - nullable: true - type: array - bymonth: - items: - description: >- - Indicates months of the year that this rule - should recur. - type: number - nullable: true - type: array - bymonthday: - items: - description: Indicates the days of the month to recur. - type: number - nullable: true - type: array - bysecond: - items: - description: Indicates seconds of the day to recur. - type: number - nullable: true - type: array - bysetpos: - items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. - type: number - nullable: true - type: array - byweekday: - items: - anyOf: - - type: string - - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. - nullable: true - type: array - byweekno: - items: - description: Indicates number of the week hours to recur. - type: number - nullable: true - type: array - byyearday: - items: - description: >- - Indicates the days of the year that this rule - should recur. - type: number - nullable: true - type: array - count: - description: >- - Number of times the rule should recur until it - stops. - type: number - dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). - type: string - freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. - enum: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 - type: integer - interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. - type: number - tzid: - description: Indicates timezone abbreviation. - type: string - until: - description: Recur the rule until this date. - type: string - wkst: - description: Indicates the start of week, defaults to Monday. - enum: - - MO - - TU - - WE - - TH - - FR - - SA - - SU - type: string - required: - - dtstart - - tzid - skipRecurrences: - items: - description: Skips recurrence of rule on this date. - type: string - type: array - required: - - duration - - rRule type: array - tags: - items: - description: The tags for the rule. - type: string - type: array - throttle: - deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - type: string - updated_at: - description: The date and time that the rule was updated most recently. - type: string - updated_by: - description: >- - The identifier for the user that updated this rule most - recently. - nullable: true - type: string - view_in_app_relative_url: - description: Relative URL to view rule in the app. - nullable: true - type: string - required: - - id - - enabled - - name - - tags - - rule_type_id - - consumer - - schedule - - actions - - params - - created_by - - updated_by - - created_at - - updated_at - - api_key_owner - - mute_all - - muted_alert_ids - - execution_status - - revision description: Indicates a successful call. - '400': - description: Indicates an invalid schema or parameters. - '403': - description: Indicates that this call is forbidden. - summary: Get information about rules + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field tags: - - alerting - /api/apm/agent_keys: + - data views post: - description: Create a new agent key for APM. - operationId: createAgentKey + operationId: updateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: type: object properties: - name: - type: string - privileges: - items: - enum: - - event:write - - config_agent:read - type: string - type: array + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField required: true + responses: + '200': + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a runtime field + tags: + - data views + /api/data_views/default: + get: + operationId: getDefaultDataViewDefault responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response schema: type: object properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: + data_view_id: type: string - description: Agent key created successfully - summary: Create an APM agent key + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get the default data view tags: - - APM agent keys - /api/apm/services/{serviceName}/annotation: + - data views post: - description: Create a new annotation for a specific service. - operationId: createAnnotation + operationId: setDefaultDatailViewDefault parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: type: object properties: - '@timestamp': - type: string - message: + data_view_id: + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + nullable: true type: string - service: - type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id required: true responses: '200': @@ -4814,70 +932,83 @@ paths: schema: type: object properties: - _id: - type: string - _index: - type: string - _source: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Set the default data view + tags: + - data views + /api/data_views/swap_references: + post: + description: > + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. + operationId: swapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + deleteStatus: type: object properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + items: + type: object + properties: + id: + description: A saved object identifier. type: string - type: array - description: Annotation created successfully - summary: Create a service annotation + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Swap saved object references tags: - - APM annotations - /api/apm/services/{serviceName}/annotation/search: - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation + - data views + /api/data_views/swap_references/_preview: + post: + description: > + Preview the impact of swapping saved object references from one data + view identifier to another. + operationId: previewSwapDataViewsDefault parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false - schema: - type: string + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + previewSwapDataViewRequest: + $ref: >- + #/components/examples/Data_views_preview_swap_data_view_request + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true responses: '200': content: @@ -4885,51 +1016,33 @@ paths: schema: type: object properties: - annotations: + result: items: type: object properties: - '@timestamp': - type: number id: - type: string - text: + description: A saved object identifier. type: string type: - enum: - - version + description: The saved object type. type: string type: array - description: Successful response - summary: Search for annotations + description: Indicates a successful call. + summary: Preview a saved object reference swap tags: - - APM annotations - /api/asset_criticality: - delete: - description: Delete the asset criticality record for a specific entity. - operationId: DeleteAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false - schema: - enum: - - wait_for - type: string + - data views + /api/detection_engine/privileges: + get: + description: > + Retrieves whether or not the user is authenticated, and the user's + Kibana + + space and index privileges, which determine if the user can create an + + index for the Elastic Security alerts generated by + + detection engine rules. + operationId: ReadPrivileges responses: '200': content: @@ -4937,206 +1050,311 @@ paths: schema: type: object properties: - deleted: - description: >- - True if the record was deleted or false if the record did - not exist. + has_encryption_key: + type: boolean + is_authenticated: type: boolean - record: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: The deleted record if it existed. required: - - deleted + - is_authenticated + - has_encryption_key description: Successful response - '400': - description: Invalid request - summary: Delete an asset criticality record + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Returns user privileges for the Kibana space tags: - - Security Entity Analytics API - get: - description: Get the asset criticality record for a specific entity. - operationId: GetAssetCriticalityRecord + - Security Detections API + - Privileges API + /api/detection_engine/rules: + delete: + description: Delete a detection rule using the `rule_id` or `id` field. + operationId: DeleteRule parameters: - - description: The ID value of the asset. + - description: The rule's `id` value. in: query - name: id_value - required: true + name: id + required: false schema: - type: string - - description: The field representing the ID. - example: host.name + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. in: query - name: id_field - required: true + name: rule_id + required: false schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - '404': - description: Criticality record not found - summary: Get an asset criticality record + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Delete a detection rule tags: - - Security Entity Analytics API + - Security Detections API + - Rules API + get: + description: Retrieve a detection rule using the `rule_id` or `id` field. + operationId: ReadRule + parameters: + - description: The rule's `id` value. + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. + in: query + name: rule_id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Retrieve a detection rule + tags: + - Security Detections API + - Rules API + patch: + description: >- + Update specific fields of an existing detection rule using the `rule_id` + or `id` field. + operationId: PatchRule + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Patch a detection rule + tags: + - Security Detections API + - Rules API post: + description: Create a new detection rule. + operationId: CreateRule + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Create a detection rule + tags: + - Security Detections API + - Rules API + put: description: > - Create or update an asset criticality record for a specific entity. + Update a detection rule using the `rule_id` or `id` field. The original + rule is replaced, and all unspecified fields are deleted. + > info - If a record already exists for the specified entity, that record is - overwritten with the specified value. If a record doesn't exist for the - specified entity, a new record is created. - operationId: CreateAssetCriticalityRecord + > You cannot modify the `id` or `rule_id` values. + operationId: UpdateRule requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - type: object - properties: - refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. - enum: - - wait_for - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord - description: Successful response - '400': - description: Invalid request - summary: Upsert an asset criticality record + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Update a detection rule tags: - - Security Entity Analytics API - /api/asset_criticality/bulk: + - Security Detections API + - Rules API + /api/detection_engine/rules/_bulk_action: + post: + description: >- + Apply a bulk action, such as bulk edit, duplicate, or delete, to + multiple detection rules. The bulk action is applied to all rules that + match the query or to the rules listed by their IDs. + operationId: PerformRulesBulkAction + parameters: + - description: Enables dry run mode for the request call. + in: query + name: dry_run + required: false + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDuplicateRules + - $ref: >- + #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionResponse + - $ref: >- + #/components/schemas/Security_Detections_API_BulkExportActionResponse + description: OK + summary: Apply a bulk action to detection rules + tags: + - Security Detections API + - Bulk API + /api/detection_engine/rules/_export: post: description: > - Bulk upsert up to 1000 asset criticality records. + Export detection rules to an `.ndjson` file. The following configuration + items are also included in the `.ndjson` file: + - Actions - If asset criticality records already exist for the specified entities, - those records are overwritten with the specified values. If asset - criticality records don't exist for the specified entities, new records - are created. - operationId: BulkUpsertAssetCriticalityRecords + - Exception lists + + > info + + > You cannot export prebuilt rules. + operationId: ExportRules + parameters: + - description: Determines whether a summary of the exported rules is returned. + in: query + name: exclude_export_details + required: false + schema: + default: false + type: boolean + - description: File name for saving the exported rules. + in: query + name: file_name + required: false + schema: + default: export.ndjson + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - example: - records: - - criticality_level: low_impact - id_field: host.name - id_value: host-1 - - criticality_level: medium_impact - id_field: host.name - id_value: host-2 + nullable: true type: object properties: - records: + objects: + description: >- + Array of `rule_id` fields. Exports all rules when + unspecified. items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - maxItems: 1000 - minItems: 1 + type: object + properties: + rule_id: + $ref: >- + #/components/schemas/Security_Detections_API_RuleSignatureId + required: + - rule_id type: array required: - - records + - objects + required: false responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - example: - errors: - - index: 0 - message: Invalid ID field - stats: - failed: 1 - successful: 1 - total: 2 - type: object - properties: - errors: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem - type: array - stats: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats - required: - - errors - - stats - description: Bulk upload successful - '413': - description: File too large - summary: Bulk upsert asset criticality records + description: An `.ndjson` file containing the returned rules. + format: binary + type: string + description: Indicates a successful call. + summary: Export detection rules tags: - - Security Entity Analytics API - /api/asset_criticality/list: + - Security Detections API + - Import/Export API + /api/detection_engine/rules/_find: get: - description: List asset criticality records, paging, sorting and filtering as needed. - operationId: FindAssetCriticalityRecords + description: >- + Retrieve a paginated list of detection rules. By default, the first page + is returned, with 20 results per page. + operationId: FindRules parameters: - - description: The field to sort by. + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query in: query - name: sort_field + name: filter required: false schema: - enum: - - id_value - - id_field - - criticality_level - - \@timestamp type: string - - description: The order to sort by. + - description: Field to sort by in: query - name: sort_direction + name: sort_field required: false schema: - enum: - - asc - - desc - type: string - - description: The page number to return. + $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' + - description: Sort order in: query - name: page + name: sort_order required: false schema: - minimum: 1 - type: integer - - description: The number of records to return per page. + $ref: '#/components/schemas/Security_Detections_API_SortOrder' + - description: Page number in: query - name: per_page + name: page required: false schema: - maximum: 1000 + default: 1 minimum: 1 type: integer - - description: The kuery to filter by. + - description: Rules per page in: query - name: kuery + name: per_page required: false schema: - type: string + default: 20 + minimum: 0 + type: integer responses: '200': content: @@ -5144,878 +1362,976 @@ paths: schema: type: object properties: - page: - minimum: 1 - type: integer - per_page: - maximum: 1000 - minimum: 1 - type: integer - records: + data: items: $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Detections_API_RuleResponse type: array + page: + type: integer + perPage: + type: integer total: - minimum: 0 type: integer required: - - records - page - - per_page + - perPage - total - description: Bulk upload successful - summary: List asset criticality records + - data + description: Successful response + summary: List all detection rules tags: - - Security Entity Analytics API - /api/data_views: - get: - operationId: getAllDataViewsDefault + - Security Detections API + - Rules API + /api/detection_engine/rules/_import: + post: + description: > + Import detection rules from an `.ndjson` file, including actions and + exception lists. The request must include: + + - The `Content-Type: multipart/form-data` HTTP header. + + - A link to the `.ndjson` file containing the rules. + operationId: ImportRules + parameters: + - description: >- + Determines whether existing rules with the same `rule_id` are + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing exception lists with the same `list_id` + are overwritten. + in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing actions with the same + `kibana.alert.rule.actions.id` are overwritten. + in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: Generates a new list ID for each imported exception list. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: The `.ndjson` file containing the rules. + format: binary + type: string + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' schema: + additionalProperties: false type: object properties: - data_view: + action_connectors_errors: items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + action_connectors_success: + type: boolean + action_connectors_success_count: + minimum: 0 + type: integer + action_connectors_warnings: + items: + $ref: >- + #/components/schemas/Security_Detections_API_WarningSchema + type: array + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array + exceptions_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_success: + type: boolean + exceptions_success_count: + minimum: 0 + type: integer + rules_count: + minimum: 0 + type: integer + success: + type: boolean + success_count: + minimum: 0 + type: integer + required: + - exceptions_success + - exceptions_success_count + - exceptions_errors + - rules_count + - success + - success_count + - errors + - action_connectors_errors + - action_connectors_warnings + - action_connectors_success + - action_connectors_success_count description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views + summary: Import detection rules tags: - - data views - /api/data_views/data_view: + - Security Detections API + - Import/Export API + '/api/detection_engine/rules/{id}/exceptions': post: - operationId: createDataViewDefaultw + operationId: CreateRuleExceptionListItems parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: Detection rule's identifier + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' + type: object + properties: + items: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps + type: array + required: + - items + description: Rule exception list items required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - /api/data_views/data_view/{viewId}: - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view - tags: - - data views - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Creates rule exception list items tags: - - data views + - Security Exceptions API + /api/detection_engine/rules/preview: post: - operationId: updateDataViewDefault + operationId: RulePreview parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - description: >- + Enables logging and returning in response ES queries, performed + during rule execution + in: query + name: enable_logged_requests + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' + anyOf: + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EsqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + discriminator: + propertyName: type + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + type: object + properties: + isAborted: + type: boolean + logs: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewLogs + type: array + previewId: + $ref: >- + #/components/schemas/Security_Detections_API_NonEmptyString + required: + - logs + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view - tags: - - data views - /api/data_views/data_view/{viewId}/fields: - post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' - schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Preview rule alerts generated on specified time range tags: - - data views - /api/data_views/data_view/{viewId}/runtime_field: + - Security Detections API + - Rule preview API + /api/detection_engine/signals/assignees: post: - operationId: createRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + description: | + Assign users to detection alerts, and unassign them from alerts. + > info + > You cannot add and remove the same assignee in the same request. + operationId: SetAlertAssignees requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: type: object properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object + assignees: + $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' + description: Details about the assignees to assign and unassign. + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + description: List of alerts ids to assign and unassign passed assignees. required: - - name - - runtimeField + - assignees + - ids required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object description: Indicates a successful call. - summary: Create a runtime field + '400': + description: Invalid request. + summary: Assign and unassign users from detection alerts tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string + - Security Detections API + /api/detection_engine/signals/search: + post: + description: Find and/or aggregate detection alerts that match the given query. + operationId: SearchAlerts requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: + description: Elasticsearch query and aggregation request type: object properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. + _source: + oneOf: + - type: boolean + - type: string + - items: + type: string + type: array + aggs: + additionalProperties: true type: object - required: - - name - - runtimeField + fields: + items: + type: string + type: array + query: + additionalProperties: true + type: object + runtime_mappings: + additionalProperties: true + type: object + size: + minimum: 0 + type: integer + sort: + $ref: '#/components/schemas/Security_Detections_API_AlertsSort' + track_total_hits: + type: boolean + description: Search and/or aggregation query required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. + additionalProperties: true + description: Elasticsearch search response + type: object + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '404': + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Find and/or aggregate detection alerts tags: - - data views + - Security Detections API + - Alerts API + /api/detection_engine/signals/status: post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + description: Set the status of one or more detection alerts. + operationId: SetAlertsStatus requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByIds + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery + description: >- + An object containing desired status and explicit alert ids or a query + to select alerts required: true responses: '200': - description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: true + description: Elasticsearch update by query response + type: object + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field - tags: - - data views - /api/data_views/default: - get: - operationId: getDefaultDataViewDefault - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response schema: - type: object - properties: - data_view_id: - type: string - description: Indicates a successful call. - '400': + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Set a detection alert status tags: - - data views + - Security Detections API + - Alerts API + /api/detection_engine/signals/tags: post: - operationId: setDefaultDatailViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + description: | + And tags to detection alerts, and remove them from alerts. + > info + > You cannot add and remove the same alert tag in the same request. + operationId: SetAlertTags requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' schema: type: object properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + tags: + $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' required: - - data_view_id + - ids + - tags + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: true + description: Elasticsearch update by query response type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Add and remove detection alert tags tags: - - data views - /api/data_views/swap_references: + - Security Detections API + - Alerts API + /api/detection_engine/tags: + get: + description: List all unique tags from all detection rules. + operationId: ReadTags + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + description: Indicates a successful call + summary: List all detection rule tags + tags: + - Security Detections API + - Tags API + /api/endpoint_list: post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + description: Creates an endpoint list or does nothing if the list already exists + operationId: CreateEndpointList responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Swap saved object references - tags: - - data views - /api/data_views/swap_references/_preview: - post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true - responses: - '200': + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Preview a saved object reference swap - tags: - - data views - /api/detection_engine/privileges: - get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - - space and index privileges, which determine if the user can create an - - index for the Elastic Security alerts generated by - - detection engine rules. - operationId: ReadPrivileges - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - has_encryption_key: - type: boolean - is_authenticated: - type: boolean - required: - - is_authenticated - - has_encryption_key - description: Successful response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Returns user privileges for the Kibana space + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Creates an endpoint list tags: - - Security Detections API - - Privileges API - /api/detection_engine/rules: + - Security Endpoint Exceptions API + /api/endpoint_list/items: delete: - description: Delete a detection rule using the `rule_id` or `id` field. - operationId: DeleteRule + operationId: DeleteEndpointListItem parameters: - - description: The rule's `id` value. + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified in: query - name: rule_id + name: item_id required: false schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Delete a detection rule + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Deletes an endpoint list item tags: - - Security Detections API - - Rules API + - Security Endpoint Exceptions API get: - description: Retrieve a detection rule using the `rule_id` or `id` field. - operationId: ReadRule + operationId: ReadEndpointListItem parameters: - - description: The rule's `id` value. + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - - description: The rule's `rule_id` value. + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified in: query - name: rule_id + name: item_id required: false schema: - $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Retrieve a detection rule - tags: - - Security Detections API - - Rules API - patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. - operationId: PatchRule - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' - required: true - responses: - '200': + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: array + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Patch a detection rule + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Reads an endpoint list item tags: - - Security Detections API - - Rules API + - Security Endpoint Exceptions API post: - description: Create a new detection rule. - operationId: CreateRule + operationId: CreateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' + type: object + properties: + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + required: + - type + - name + - description + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Create a detection rule + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item already exists + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Creates an endpoint list item tags: - - Security Detections API - - Rules API + - Security Endpoint Exceptions API put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` or `rule_id` values. - operationId: UpdateRule + operationId: UpdateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' + type: object + properties: + _version: + type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + required: + - type + - name + - description + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' - description: Indicates a successful call. - summary: Update a detection rule - tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_bulk_action: - post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. - operationId: PerformRulesBulkAction - parameters: - - description: Enables dry run mode for the request call. - in: query - name: dry_run - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDisableRules - - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Detections_API_BulkManualRuleRun - - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' - responses: - '200': + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Detections_API_BulkExportActionResponse - description: OK - summary: Apply a bulk action to detection rules + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Updates an endpoint list item tags: - - Security Detections API - - Bulk API - /api/detection_engine/rules/_export: - post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - - - Actions - - - Exception lists - - > info - - > You cannot export prebuilt rules. - operationId: ExportRules + - Security Endpoint Exceptions API + /api/endpoint_list/items/_find: + get: + operationId: FindEndpointListItems parameters: - - description: Determines whether a summary of the exported rules is returned. + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. in: query - name: exclude_export_details + name: filter required: false schema: - default: false - type: boolean - - description: File name for saving the exported rules. + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter + - description: The page number to return in: query - name: file_name + name: page required: false schema: - default: export.ndjson - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - nullable: true - type: object - properties: - objects: - description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. - items: - type: object - properties: - rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId - required: - - rule_id - type: array - required: - - objects - required: false - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: An `.ndjson` file containing the returned rules. - format: binary - type: string - description: Indicates a successful call. - summary: Export detection rules - tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/_find: - get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. - operationId: FindRules - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query + minimum: 0 + type: integer + - description: The number of exception list items to return per page in: query - name: filter + name: per_page required: false schema: - type: string - - description: Field to sort by + minimum: 0 + type: integer + - description: Determines which field is used to sort the results in: query name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' - - description: Sort order + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order required: false schema: - $ref: '#/components/schemas/Security_Detections_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Rules per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer + enum: + - desc + - asc + type: string responses: '200': content: @@ -6026,791 +2342,718 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Detections_API_RuleResponse + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem type: array page: + minimum: 0 type: integer - perPage: + per_page: + minimum: 0 type: integer + pit: + type: string total: + minimum: 0 type: integer required: + - data - page - - perPage + - per_page - total - - data description: Successful response - summary: List all detection rules + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Finds endpoint list items tags: - - Security Detections API - - Rules API - /api/detection_engine/rules/_import: - post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - - - The `Content-Type: multipart/form-data` HTTP header. - - - A link to the `.ndjson` file containing the rules. - operationId: ImportRules + - Security Endpoint Exceptions API + /api/endpoint/action: + get: + description: Get a list of all response actions. + operationId: EndpointGetActionsList parameters: - - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. - in: query - name: overwrite - required: false + - in: query + name: query + required: true schema: - default: false - type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. - in: query - name: overwrite_exceptions - required: false + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get response actions + tags: + - Security Endpoint Management API + '/api/endpoint/action_log/{agent_id}': + get: + deprecated: true + description: Get an action request log for the specified agent ID. + operationId: EndpointGetActionLog + parameters: + - in: path + name: agent_id + required: true schema: - default: false - type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. - in: query - name: overwrite_action_connectors - required: false + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + - in: query + name: query + required: true schema: - default: false - type: boolean - - description: Generates a new list ID for each imported exception list. - in: query - name: as_new_list - required: false + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get an action request log + tags: + - Security Endpoint Management API + /api/endpoint/action_status: + get: + description: Get the status of response actions for the specified agent IDs. + operationId: EndpointGetActionsStatus + parameters: + - in: query + name: query + required: true schema: - default: false - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: The `.ndjson` file containing the rules. - format: binary - type: string - required: true + type: object + properties: + agent_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - action_connectors_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - action_connectors_success: - type: boolean - action_connectors_success_count: - minimum: 0 - type: integer - action_connectors_warnings: - items: - $ref: >- - #/components/schemas/Security_Detections_API_WarningSchema - type: array - errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_errors: - items: - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' - type: array - exceptions_success: - type: boolean - exceptions_success_count: - minimum: 0 - type: integer - rules_count: - minimum: 0 - type: integer - success: - type: boolean - success_count: - minimum: 0 - type: integer - required: - - exceptions_success - - exceptions_success_count - - exceptions_errors - - rules_count - - success - - success_count - - errors - - action_connectors_errors - - action_connectors_warnings - - action_connectors_success - - action_connectors_success_count - description: Indicates a successful call. - summary: Import detection rules + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse + description: OK + summary: Get response actions status tags: - - Security Detections API - - Import/Export API - /api/detection_engine/rules/{id}/exceptions: - post: - description: Create exception items that apply to a single detection rule. - operationId: CreateRuleExceptionListItems + - Security Endpoint Management API + '/api/endpoint/action/{action_id}': + get: + description: Get the details of a response action using the action ID. + operationId: EndpointGetActionsDetails parameters: - - description: Detection rule's identifier - in: path - name: id + - in: path + name: action_id required: true schema: - $ref: '#/components/schemas/Security_Exceptions_API_RuleId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps - type: array - required: - - items - description: Rule exception list items - required: true + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - description: Successful response - '400': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get action details + tags: + - Security Endpoint Management API + '/api/endpoint/action/{action_id}/file/{file_id}': + get: + description: Get information for the specified file using the file ID. + operationId: EndpointFileInfo + parameters: + - in: path + name: action_id + required: true + schema: + type: string + - in: path + name: file_id + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get file information + tags: + - Security Endpoint Management API + '/api/endpoint/action/{action_id}/file/{file_id}/download': + get: + description: Download a file from an endpoint. + operationId: EndpointFileDownload + parameters: + - in: path + name: action_id + required: true + schema: + type: string + - in: path + name: file_id + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Download a file + tags: + - Security Endpoint Management API + /api/endpoint/action/execute: + post: + description: Run a shell command on an endpoint. + operationId: EndpointExecuteAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Run a command + tags: + - Security Endpoint Management API + /api/endpoint/action/get_file: + post: + description: Get a file from an endpoint. + operationId: EndpointGetFileAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create rule exception list items + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get a file tags: - - Security Exceptions API - /api/detection_engine/rules/preview: + - Security Endpoint Management API + /api/endpoint/action/isolate: post: - operationId: RulePreview - parameters: - - description: >- - Enables logging and returning in response ES queries, performed - during rule execution - in: query - name: enable_logged_requests - required: false - schema: - type: boolean + description: >- + Isolate an endpoint from the network. The endpoint remains isolated + until it's released. + operationId: EndpointIsolateAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams - discriminator: - propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - isAborted: - type: boolean - logs: - items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLogs - type: array - previewId: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString - required: - - logs - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Preview rule alerts generated on specified time range + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Isolate an endpoint tags: - - Security Detections API - - Rule preview API - /api/detection_engine/signals/assignees: + - Security Endpoint Management API + /api/endpoint/action/kill_process: post: - description: | - Assign users to detection alerts, and unassign them from alerts. - > info - > You cannot add and remove the same assignee in the same request. - operationId: SetAlertAssignees + description: Terminate a running process on an endpoint. + operationId: EndpointKillProcessAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - assignees: - $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' - description: Details about the assignees to assign and unassign. - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. - required: - - assignees - - ids + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody required: true responses: '200': - description: Indicates a successful call. - '400': - description: Invalid request. - summary: Assign and unassign users from detection alerts + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Terminate a process tags: - - Security Detections API - /api/detection_engine/signals/search: + - Security Endpoint Management API + /api/endpoint/action/running_procs: post: - description: Find and/or aggregate detection alerts that match the given query. - operationId: SearchAlerts + description: Get a list of all processes running on an endpoint. + operationId: EndpointGetProcessesAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: Elasticsearch query and aggregation request - type: object - properties: - _source: - oneOf: - - type: boolean - - type: string - - items: - type: string - type: array - aggs: - additionalProperties: true - type: object - fields: - items: - type: string - type: array - query: - additionalProperties: true - type: object - runtime_mappings: - additionalProperties: true - type: object - size: - minimum: 0 - type: integer - sort: - $ref: '#/components/schemas/Security_Detections_API_AlertsSort' - track_total_hits: - type: boolean - description: Search and/or aggregation query + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch search response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Find and/or aggregate detection alerts + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get running processes tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/status: + - Security Endpoint Management API + /api/endpoint/action/scan: post: - description: Set the status of one or more detection alerts. - operationId: SetAlertsStatus + description: Scan a specific file or directory on an endpoint for malware. + operationId: EndpointScanAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Scan a file or directory + tags: + - Security Endpoint Management API + /api/endpoint/action/state: + get: + description: >- + Get a response actions state, which reports whether encryption is + enabled. + operationId: EndpointGetActionsState + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Set a detection alert status + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse + description: OK + summary: Get actions state tags: - - Security Detections API - - Alerts API - /api/detection_engine/signals/tags: + - Security Endpoint Management API + /api/endpoint/action/suspend_process: post: - description: | - And tags to detection alerts, and remove them from alerts. - > info - > You cannot add and remove the same alert tag in the same request. - operationId: SetAlertTags + description: Suspend a running process on an endpoint. + operationId: EndpointSuspendProcessAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - ids: - $ref: '#/components/schemas/Security_Detections_API_AlertIds' - tags: - $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' - required: - - ids - - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - description: Elasticsearch update by query response - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse - description: Invalid input data response - '401': + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Suspend a process + tags: + - Security Endpoint Management API + /api/endpoint/action/unisolate: + post: + description: 'Release an isolated endpoint, allowing it to rejoin a network.' + operationId: EndpointUnisolateAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - description: Unsuccessful authentication response - '500': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Release an isolated endpoint + tags: + - Security Endpoint Management API + /api/endpoint/action/upload: + post: + description: Upload a file to an endpoint. + operationId: EndpointUploadAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' - description: Internal server error response - summary: Add and remove detection alert tags + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Upload a file tags: - - Security Detections API - - Alerts API - /api/detection_engine/tags: + - Security Endpoint Management API + /api/endpoint/metadata: get: - description: List all unique tags from all detection rules. - operationId: ReadTags + operationId: GetEndpointMetadataList + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' - description: Indicates a successful call - summary: List all detection rule tags + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get a metadata list tags: - - Security Detections API - - Tags API - /api/endpoint_list: - post: - description: >- - Create an endpoint exception list, which groups endpoint exception list - items. If an endpoint exception list already exists, an empty response - is returned. - operationId: CreateEndpointList + - Security Endpoint Management API + '/api/endpoint/metadata/{id}': + get: + operationId: GetEndpointMetadata + parameters: + - in: path + name: id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get metadata + tags: + - Security Endpoint Management API + /api/endpoint/metadata/transforms: + get: + deprecated: true + operationId: GetEndpointMetadataTransform + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get metadata transforms + tags: + - Security Endpoint Management API + /api/endpoint/policy_response: + get: + operationId: GetPolicyResponse + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + agentId: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '500': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get a policy response + tags: + - Security Endpoint Management API + /api/endpoint/policy/summaries: + get: + deprecated: true + operationId: GetAgentPolicySummary + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + package_name: + type: string + policy_id: + nullable: true + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Create an endpoint exception list + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get an agent policy summary tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items: - delete: - description: >- - Delete an endpoint exception list item using the `id` or `item_id` - field. - operationId: DeleteEndpointListItem + - Security Endpoint Management API + '/api/endpoint/protection_updates_note/{package_policy_id}': + get: + operationId: GetProtectionUpdatesNote parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false + - in: path + name: package_policy_id + required: true schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + description: OK + summary: Get a protection updates note + tags: + - Security Endpoint Management API + post: + operationId: CreateUpdateProtectionUpdatesNote + parameters: + - in: path + name: package_policy_id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + note: + type: string + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + description: OK + summary: Create or update a protection updates note + tags: + - Security Endpoint Management API + '/api/endpoint/suggestions/{suggestion_type}': + post: + deprecated: true + operationId: GetEndpointSuggestions + parameters: + - in: path + name: suggestion_type + required: true + schema: + enum: + - eventFilters + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + field: + type: string + fieldMeta: {} + filters: {} + query: + type: string + required: + - parameters + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get suggestions + tags: + - Security Endpoint Management API + /api/entity_store/engines: + get: + operationId: ListEntityEngines + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Delete an endpoint exception list item + type: object + properties: + count: + type: integer + engines: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + type: array + description: Successful response + summary: List the Entity Engines tags: - - Security Endpoint Exceptions API - get: - description: >- - Get the details of an endpoint exception list item using the `id` or - `item_id` field. - operationId: ReadEndpointListItem + - Security Entity Analytics API + '/api/entity_store/engines/{entityType}': + delete: + operationId: DeleteEntityEngine parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - - description: Either `id` or `item_id` must be specified + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + - description: Control flag to also delete the entity data. in: query - name: item_id + name: data required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array + type: object + properties: + deleted: + type: boolean description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found - '500': + summary: Delete the Entity Engine + tags: + - Security Entity Analytics API + get: + operationId: GetEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Get an endpoint exception list item + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + description: Successful response + summary: Get an Entity Engine tags: - - Security Endpoint Exceptions API + - Security Entity Analytics API + '/api/entity_store/engines/{entityType}/init': post: - description: >- - Create an endpoint exception list item, and associate it with the - endpoint exception list. - operationId: CreateEndpointListItem + operationId: InitEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - default: [] - type: + fieldHistoryLength: + default: 10 + description: The number of historical values to keep for each field. + type: integer + filter: + type: string + indexPattern: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + description: Schema for the engine initialization required: true responses: '200': @@ -6818,198 +3061,189 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': + summary: Initialize an Entity Engine + tags: + - Security Entity Analytics API + '/api/entity_store/engines/{entityType}/start': + post: + operationId: StartEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '409': + type: object + properties: + started: + type: boolean + description: Successful response + summary: Start an Entity Engine + tags: + - Security Entity Analytics API + '/api/entity_store/engines/{entityType}/stats': + post: + operationId: GetEntityEngineStats + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item already exists - '500': + type: object + properties: + indexPattern: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + indices: + items: + type: object + type: array + status: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineStatus + transforms: + items: + type: object + type: array + type: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityType + description: Successful response + summary: Get Entity Engine stats + tags: + - Security Entity Analytics API + '/api/entity_store/engines/{entityType}/stop': + post: + operationId: StopEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Create an endpoint exception list item + type: object + properties: + stopped: + type: boolean + description: Successful response + summary: Stop an Entity Engine tags: - - Security Endpoint Exceptions API - put: - description: >- - Update an endpoint exception list item using the `id` or `item_id` - field. - operationId: UpdateEndpointListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray - id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName - os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType - required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true + - Security Entity Analytics API + /api/entity_store/engines/apply_dataview_indices: + post: + operationId: ApplyEntityEngineDataviewIndices responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: object + properties: + result: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + type: array + success: + type: boolean description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': + '207': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list item not found + type: object + properties: + errors: + items: + type: string + type: array + result: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + type: array + success: + type: boolean + description: Partial successful response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Update an endpoint exception list item + type: object + properties: + body: + type: string + statusCode: + type: number + description: Error response + summary: Apply DataView indices to all installed engines tags: - - Security Endpoint Exceptions API - /api/endpoint_list/items/_find: + - Security Entity Analytics API + /api/entity_store/entities/list: get: - description: Get a list of all endpoint exception list items. - operationId: FindEndpointListItems + description: 'List entities records, paging, sorting and filtering as needed.' + operationId: ListEntities parameters: - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter + - in: query + name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter - - description: The page number to return - in: query + type: string + - in: query + name: sort_order + required: false + schema: + enum: + - asc + - desc + type: string + - in: query name: page required: false schema: - minimum: 0 + minimum: 1 type: integer - - description: The number of exception list items to return per page - in: query + - in: query name: per_page required: false schema: - minimum: 0 + maximum: 10000 + minimum: 1 type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - - description: Determines the sort order, which can be `desc` or `asc` + - description: An ES query to filter by. in: query - name: sort_order + name: filterQuery required: false schema: - enum: - - desc - - asc type: string + - in: query + name: entities_types + required: true + schema: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array responses: '200': content: @@ -7017,27 +3251,62 @@ paths: schema: type: object properties: - data: - items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem - type: array + inspect: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_InspectQuery page: - minimum: 0 + minimum: 1 type: integer per_page: - minimum: 0 + maximum: 1000 + minimum: 1 type: integer - pit: - type: string + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_Entity + type: array total: minimum: 0 type: integer required: - - data + - records - page - per_page - total + description: Entities returned successfully + summary: List Entity Store Entities + tags: + - Security Entity Analytics API + /api/exception_lists: + delete: + operationId: DeleteExceptionList + parameters: + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: @@ -7045,883 +3314,516 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Invalid input data + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - description: Insufficient privileges - '404': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Endpoint list not found + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse - description: Internal server error - summary: Get endpoint exception list items + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes an exception list tags: - - Security Endpoint Exceptions API - /api/endpoint/action: + - Security Exceptions API get: - description: Get a list of all response actions. - operationId: EndpointGetActionsList + operationId: ReadExceptionList parameters: - - in: query - name: query - required: true + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get response actions - tags: - - Security Endpoint Management API - /api/endpoint/action_log/{agent_id}: - get: - deprecated: true - description: Get an action request log for the specified agent ID. - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified + in: query + name: list_id + required: false schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query - name: query - required: true + name: namespace_type + required: false schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an action request log - tags: - - Security Endpoint Management API - /api/endpoint/action_status: - get: - description: Get the status of response actions for the specified agent IDs. - operationId: EndpointGetActionsStatus - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agent_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse - description: OK - summary: Get response actions status - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}: - get: - description: Get the details of a response action using the action ID. - operationId: EndpointGetActionsDetails - parameters: - - in: path - name: action_id - required: true - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get action details - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}: - get: - description: Get information for the specified file using the file ID. - operationId: EndpointFileInfo - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get file information - tags: - - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}/download: - get: - description: Download a file from an endpoint. - operationId: EndpointFileDownload - parameters: - - in: path - name: action_id - required: true - schema: - type: string - - in: path - name: file_id - required: true - schema: - type: string - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Download a file - tags: - - Security Endpoint Management API - /api/endpoint/action/execute: - post: - description: Run a shell command on an endpoint. - operationId: EndpointExecuteAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody - required: true - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Run a command + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Retrieves an exception list using its `id` or `list_id` field tags: - - Security Endpoint Management API - /api/endpoint/action/get_file: + - Security Exceptions API post: - description: Get a file from an endpoint. - operationId: EndpointGetFileAction + operationId: CreateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + type: object + properties: + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion + default: 1 + required: + - name + - description + - type + description: Exception list's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a file - tags: - - Security Endpoint Management API - /api/endpoint/action/isolate: - post: - description: >- - Isolate an endpoint from the network. The endpoint remains isolated - until it's released. - operationId: EndpointIsolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody - required: true - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Isolate an endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/kill_process: - post: - description: Terminate a running process on an endpoint. - operationId: EndpointKillProcessAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Terminate a process - tags: - - Security Endpoint Management API - /api/endpoint/action/running_procs: - post: - description: Get a list of all processes running on an endpoint. - operationId: EndpointGetProcessesAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody - required: true - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get running processes - tags: - - Security Endpoint Management API - /api/endpoint/action/scan: - post: - description: Scan a specific file or directory on an endpoint for malware. - operationId: EndpointScanAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody - required: true - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Scan a file or directory - tags: - - Security Endpoint Management API - /api/endpoint/action/state: - get: - description: >- - Get a response actions state, which reports whether encryption is - enabled. - operationId: EndpointGetActionsState - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse - description: OK - summary: Get actions state + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Creates an exception list tags: - - Security Endpoint Management API - /api/endpoint/action/suspend_process: - post: - description: Suspend a running process on an endpoint. - operationId: EndpointSuspendProcessAction + - Security Exceptions API + put: + operationId: UpdateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody + type: object + properties: + _version: + type: string + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion + required: + - name + - description + - type + description: Exception list's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Suspend a process - tags: - - Security Endpoint Management API - /api/endpoint/action/unisolate: - post: - description: Release an isolated endpoint, allowing it to rejoin a network. - operationId: EndpointUnisolateAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody - required: true - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Release an isolated endpoint - tags: - - Security Endpoint Management API - /api/endpoint/action/upload: - post: - description: Upload a file to an endpoint. - operationId: EndpointUploadAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody - required: true - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Upload a file + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Updates an exception list tags: - - Security Endpoint Management API - /api/endpoint/metadata: - get: - operationId: GetEndpointMetadataList + - Security Exceptions API + /api/exception_lists/_duplicate: + post: + operationId: DuplicateExceptionList parameters: + - description: Exception list's human identifier + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query - name: query + name: namespace_type required: true schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a metadata list - tags: - - Security Endpoint Management API - /api/endpoint/metadata/{id}: - get: - operationId: GetEndpointMetadata - parameters: - - in: path - name: id + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions required: true schema: + default: 'true' + enum: + - 'true' + - 'false' type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata - tags: - - Security Endpoint Management API - /api/endpoint/metadata/transforms: - get: - deprecated: true - operationId: GetEndpointMetadataTransform - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get metadata transforms - tags: - - Security Endpoint Management API - /api/endpoint/policy_response: - get: - operationId: GetPolicyResponse - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - agentId: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get a policy response - tags: - - Security Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get an agent policy summary - tags: - - Security Endpoint Management API - /api/endpoint/protection_updates_note/{package_policy_id}: - get: - operationId: GetProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '405': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Get a protection updates note - tags: - - Security Endpoint Management API - post: - operationId: CreateUpdateProtectionUpdatesNote - parameters: - - in: path - name: package_policy_id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - note: - type: string - required: true - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list to duplicate not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse - description: OK - summary: Create or update a protection updates note + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Duplicates an exception list tags: - - Security Endpoint Management API - /api/endpoint/suggestions/{suggestion_type}: + - Security Exceptions API + /api/exception_lists/_export: post: - deprecated: true - operationId: GetEndpointSuggestions + description: Exports an exception list and its associated items to an .ndjson file + operationId: ExportExceptionList parameters: - - in: path - name: suggestion_type + - description: Exception list's identifier + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human identifier + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions required: true schema: + default: 'true' enum: - - eventFilters + - 'true' + - 'false' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true responses: '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: >- + A `.ndjson` file containing specified exception list and its + items + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse - description: OK - summary: Get suggestions - tags: - - Security Endpoint Management API - /api/entity_store/engines: - get: - operationId: ListEntityEngines - responses: - '200': + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - count: - type: integer - engines: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - type: array - description: Successful response - summary: List the Entity Engines - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}: - delete: - operationId: DeleteEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - - description: Control flag to also delete the entity data. - in: query - name: data - required: false - schema: - type: boolean - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - deleted: - type: boolean - description: Successful response - summary: Delete the Entity Engine - tags: - - Security Entity Analytics API - get: - operationId: GetEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Get an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/init: - post: - operationId: InitEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - fieldHistoryLength: - default: 10 - description: The number of historical values to keep for each field. - type: integer - filter: - type: string - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - description: Schema for the engine initialization - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor - description: Successful response - summary: Initialize an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/start: - post: - operationId: StartEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - started: - type: boolean - description: Successful response - summary: Start an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stats: - post: - operationId: GetEntityEngineStats - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern - indices: - items: - type: object - type: array - status: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineStatus - transforms: - items: - type: object - type: array - type: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityType - description: Successful response - summary: Get Entity Engine stats - tags: - - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stop: - post: - operationId: StopEntityEngine - parameters: - - description: The entity type of the engine (either 'user' or 'host'). - in: path - name: entityType - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - stopped: - type: boolean - description: Successful response - summary: Stop an Entity Engine - tags: - - Security Entity Analytics API - /api/entity_store/engines/apply_dataview_indices: - post: - operationId: ApplyEntityEngineDataviewIndices - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Successful response - '207': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - errors: - items: - type: string - type: array - result: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult - type: array - success: - type: boolean - description: Partial successful response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Error response - summary: Apply DataView indices to all installed engines + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Exports an exception list tags: - - Security Entity Analytics API - /api/entity_store/entities/list: + - Security Exceptions API + /api/exception_lists/_find: get: - description: List entities records, paging, sorting and filtering as needed. - operationId: ListEntities + operationId: FindExceptionLists parameters: - - in: query - name: sort_field + - description: > + Filters the returned results according to the value of the specified + field. + + + Uses the `so type.field name:field` value syntax, where `so type` + can be: + + + - `exception-list`: Specify a space-aware exception list. + + - `exception-list-agnostic`: Specify an exception list that is + shared across spaces. + in: query + name: filter required: false schema: - type: string - - in: query - name: sort_order + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type required: false schema: - enum: - - asc - - desc - type: string - - in: query + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - description: The page number to return + in: query name: page required: false schema: minimum: 1 type: integer - - in: query + - description: The number of exception lists to return per page + in: query name: per_page required: false schema: - maximum: 10000 minimum: 1 type: integer - - description: An ES query to filter by. + - description: Determines which field is used to sort the results in: query - name: filterQuery + name: sort_field required: false schema: type: string - - in: query - name: entities_types - required: true + - description: 'Determines the sort order, which can be `desc` or `asc`' + in: query + name: sort_order + required: false schema: - items: - $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - type: array + enum: + - desc + - asc + type: string responses: '200': content: @@ -7929,50 +3831,197 @@ paths: schema: type: object properties: - inspect: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_InspectQuery + data: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionList + type: array page: minimum: 1 type: integer per_page: - maximum: 1000 minimum: 1 type: integer - records: - items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_Entity - type: array total: minimum: 0 type: integer required: - - records + - data - page - per_page - total - description: Entities returned successfully - summary: List Entity Store Entities + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Finds exception lists tags: - - Security Entity Analytics API - /api/exception_lists: + - Security Exceptions API + /api/exception_lists/_import: + post: + description: Imports an exception list and associated items + operationId: ImportExceptionList + parameters: + - description: > + Determines whether existing exception lists with the same `list_id` + are overwritten. + + If any exception items have the same `item_id`, those are also + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: > + Determines whether the list being imported will have a new `list_id` + generated. + + Additional `item_id`'s are generated for each exception item. Both + the exception + + list and its items are overwritten. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: A `.ndjson` file containing the exception list + format: binary + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + errors: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray + success: + type: boolean + success_count: + minimum: 0 + type: integer + success_count_exception_list_items: + minimum: 0 + type: integer + success_count_exception_lists: + minimum: 0 + type: integer + success_exception_list_items: + type: boolean + success_exception_lists: + type: boolean + required: + - errors + - success + - success_count + - success_exception_lists + - success_count_exception_lists + - success_exception_list_items + - success_count_exception_list_items + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Imports an exception list + tags: + - Security Exceptions API + /api/exception_lists/items: delete: - description: Delete an exception list using the `id` or `list_id` field. - operationId: DeleteExceptionList + operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `list_id` must be specified + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified in: query - name: list_id + name: item_id required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query name: namespace_type required: false @@ -7985,7 +4034,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: @@ -8016,32 +4065,32 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response + description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Delete an exception list + summary: Deletes an exception list item tags: - Security Exceptions API get: - description: Get the details of an exception list using the `id` or `list_id` field. - operationId: ReadExceptionList + operationId: ReadExceptionListItem parameters: - - description: Either `id` or `list_id` must be specified + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified in: query - name: list_id + name: item_id required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query name: namespace_type required: false @@ -8054,7 +4103,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: @@ -8092,72 +4141,71 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Get exception list details + summary: Gets an exception list item tags: - Security Exceptions API post: - description: > - An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. - operationId: CreateExceptionList + operationId: CreateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray + default: [] description: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] tags: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags default: [] type: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion - default: 1 + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: + - list_id + - type - name - description - - type - description: Exception list's properties + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: @@ -8188,19 +4236,18 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response + description: Exception list item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create an exception list + summary: Creates an exception list item tags: - Security Exceptions API put: - description: Update an exception list using the `id` or `list_id` field. - operationId: UpdateExceptionList + operationId: UpdateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -8209,49 +4256,63 @@ paths: properties: _version: type: string + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray + default: [] description: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string id: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - list_id: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: + #/components/schemas/Security_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags type: $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType - version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: + - type - name - description - - type - description: Exception list's properties + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: @@ -8282,51 +4343,120 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response + description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Update an exception list + summary: Updates an exception list item tags: - Security Exceptions API - /api/exception_lists/_duplicate: - post: - description: Duplicate an existing exception list. - operationId: DuplicateExceptionList + /api/exception_lists/items/_find: + get: + operationId: FindExceptionListItems parameters: - - description: Exception list's human identifier + - description: List's id in: query name: list_id required: true schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + type: array + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. + in: query + name: filter + required: false + schema: + default: [] + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter + type: array + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query name: namespace_type - required: true + required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - in: query + name: search + required: false + schema: + type: string + - description: The page number to return in: query - name: include_expired_exceptions - required: true + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + - description: 'Determines the sort order, which can be `desc` or `asc`' + in: query + name: sort_order + required: false schema: - default: 'true' enum: - - 'true' - - 'false' + - desc + - asc type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total description: Successful response '400': content: @@ -8352,66 +4482,69 @@ paths: $ref: >- #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response - '405': + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list to duplicate not found response + description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Duplicate an exception list + summary: Finds exception list items tags: - Security Exceptions API - /api/exception_lists/_export: - post: - description: Export an exception list and its associated items to an NDJSON file. - operationId: ExportExceptionList + /api/exception_lists/summary: + get: + operationId: ReadExceptionListSummary parameters: - - description: Exception list's identifier + - description: Exception list's identifier generated upon creation in: query name: id - required: true + required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier + - description: Exception list's human readable identifier in: query name: list_id - required: true + required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type - required: true + required: false schema: $ref: >- #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + default: single + - description: Search filter clause in: query - name: include_expired_exceptions - required: true + name: filter + required: false schema: - default: 'true' - enum: - - 'true' - - 'false' type: string responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - description: >- - A `.ndjson` file containing specified exception list and its - items - format: binary - type: string + type: object + properties: + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer description: Successful response '400': content: @@ -8449,77 +4582,77 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Export an exception list + summary: Retrieves an exception list summary tags: - Security Exceptions API - /api/exception_lists/_find: + /api/exceptions/shared: + post: + operationId: CreateSharedExceptionList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + required: + - name + - description + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Creates a shared exception list + tags: + - Security Exceptions API + /api/fleet/agent_download_sources: get: - description: Get a list of all exception lists. - operationId: FindExceptionLists - parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: - - - - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. - in: query - name: filter - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 1 - type: integer - - description: The number of exception lists to return per page - in: query - name: per_page - required: false - schema: - minimum: 1 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - type: string - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string + operationId: get-download-sources responses: '200': content: @@ -8527,113 +4660,166 @@ paths: schema: type: object properties: - data: + items: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Fleet_download_sources' type: array page: - minimum: 1 type: integer - per_page: - minimum: 1 + perPage: type: integer total: - minimum: 0 type: integer - required: - - data - - page - - per_page - - total - description: Successful response + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources + tags: + - Elastic Agent binary download sources + post: + operationId: post-download-sources + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - host + - is_default + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent binary download source + tags: + - Elastic Agent binary download sources + '/api/fleet/agent_download_sources/{sourceId}': + delete: + operationId: delete-download-source + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent binary download source by ID + tags: + - Elastic Agent binary download sources + get: + operationId: get-one-download-source + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent binary download source by ID + tags: + - Elastic Agent binary download sources + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + put: + operationId: update-download-source + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - is_default + - host + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception lists + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent binary download source by ID tags: - - Security Exceptions API - /api/exception_lists/_import: - post: - description: Import an exception list and its associated items from an NDJSON file. - operationId: ImportExceptionList + - Elastic Agent binary download sources + /api/fleet/agent_policies: + get: + description: '' + operationId: agent-policy-list parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. in: query - name: overwrite - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false + name: full schema: - default: false type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - - list and its items are overwritten. + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. in: query - name: as_new_list - required: false + name: noAgentCount schema: - default: false type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: A `.ndjson` file containing the exception list - format: binary - type: string - required: true responses: '200': content: @@ -8641,502 +4827,325 @@ paths: schema: type: object properties: - errors: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray - success: - type: boolean - success_count: - minimum: 0 - type: integer - success_count_exception_list_items: - minimum: 0 - type: integer - success_count_exception_lists: - minimum: 0 - type: integer - success_exception_list_items: - type: boolean - success_exception_lists: - type: boolean - required: - - errors - - success - - success_count - - success_exception_lists - - success_count_exception_lists - - success_exception_list_items - - success_count_exception_list_items - description: Successful response + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Import an exception list + $ref: '#/components/responses/Fleet_error' + summary: List agent policies tags: - - Security Exceptions API - /api/exception_lists/items: - delete: - description: Delete an exception list item using the `id` or `item_id` field. - operationId: DeleteExceptionListItem + - Elastic Agent policies + post: + operationId: create-agent-policy parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_create_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Delete an exception list item + $ref: '#/components/responses/Fleet_error' + summary: Create agent policy tags: - - Security Exceptions API - get: - description: >- - Get the details of an exception list item using the `id` or `item_id` - field. - operationId: ReadExceptionListItem + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: + post: + operationId: bulk-get-agent-policies parameters: - - description: Either `id` or `item_id` must be specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified - in: query - name: item_id - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of agent policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get agent policies + tags: + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}': + get: + description: Get one agent policy + operationId: agent-policy-info + parameters: [] + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' + put: + operationId: update-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list item + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent policy by ID tags: - - Security Exceptions API + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}/copy': + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' post: - description: > - Create an exception item and associate it with the specified exception - list. - - > info - - > Before creating exception items, you must create an exception list. - operationId: CreateExceptionListItem + operationId: agent-policy-copy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray - default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time type: string - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - default: [] - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType + type: string required: - - list_id - - type - name - - description - - entries - description: Exception list item's properties - required: true + description: '' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Copy agent policy by ID + tags: + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}/download': + get: + operationId: agent-policy-download + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item already exists response - '500': + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + '/api/fleet/agent_policies/{agentPolicyId}/full': + get: + operationId: agent-policy-full + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create an exception list item + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID tags: - - Security Exceptions API - put: - description: Update an exception list item using the `id` or `item_id` field. - operationId: UpdateExceptionListItem + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/delete: + parameters: [] + post: + operationId: delete-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - _version: - type: string - comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray - default: [] - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription - entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray - expire_time: - format: date-time + agentPolicyId: type: string - id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified - item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - description: Either `id` or `item_id` must be specified - list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName - namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray - default: [] - tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags - type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType + force: + description: >- + bypass validation checks that can prevent agent policy + deletion + type: boolean required: - - type - - name - - description - - entries - description: Exception list item's properties - required: true + - agentPolicyId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response + type: object + properties: + id: + type: string + success: + type: boolean + required: + - id + - success + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list item + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID tags: - - Security Exceptions API - /api/exception_lists/items/_find: + - Elastic Agent policies + /api/fleet/agent_status: get: - description: Get a list of all exception list items in the specified list. - operationId: FindExceptionListItems + operationId: get-agent-status parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId - type: array - - description: > - Filters the returned results according to the value of the specified - field, - - using the `:` syntax. - in: query - name: filter + - in: query + name: policyId required: false schema: - default: [] - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter - type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - - or available in all spaces (`agnostic` or `single`) + type: string + - deprecated: true in: query - name: namespace_type + name: kuery required: false schema: - default: - - single - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - type: array - - in: query - name: search - required: false - schema: - type: string - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc type: string responses: '200': @@ -9145,94 +5154,86 @@ paths: schema: type: object properties: - data: - items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem - type: array - page: - minimum: 1 + active: type: integer - per_page: - minimum: 1 + all: + type: integer + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: type: integer - pit: - type: string total: - minimum: 0 + deprecated: true + type: integer + unenrolled: + type: integer + updating: type: integer required: - - data - - page - - per_page + - active + - all + - error + - events + - inactive + - offline + - online + - other - total - description: Successful response + - updating + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary + tags: + - Elastic Agent status + /api/fleet/agent_status/data: + get: + operationId: get-agent-data + parameters: + - in: query + name: agentsIds + required: true + schema: + items: + type: string + type: array + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list items + type: object + properties: + items: + items: + additionalProperties: + type: object + properties: + data: + type: boolean + type: object + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get incoming agent data tags: - - Security Exceptions API - /api/exception_lists/summary: + - Elastic Agent status + /api/fleet/agent-status: get: - description: Get a summary of the specified exception list. - operationId: ReadExceptionListSummary + deprecated: true + operationId: get-agent-status-deprecated parameters: - - description: Exception list's identifier generated upon creation - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query - name: namespace_type - required: false - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - default: single - - description: Search filter clause - in: query - name: filter + name: policyId required: false schema: type: string @@ -9243,354 +5244,354 @@ paths: schema: type: object properties: - linux: - minimum: 0 + error: type: integer - macos: - minimum: 0 + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: type: integer total: - minimum: 0 type: integer - windows: - minimum: 0 + updating: type: integer - description: Successful response + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary + tags: + - Elastic Agent status + /api/fleet/agents: + get: + operationId: get-agents + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false + schema: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list summary + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents tags: - - Security Exceptions API - /api/exceptions/shared: + - Elastic Agents post: - description: > - An exception list groups exception items and can be associated with - detection rules. A shared exception list can apply to multiple detection - rules. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. - operationId: CreateSharedExceptionList + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription - name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + actionIds: + items: + type: string + type: array required: - - name - - description + - policy_id required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}': + delete: + operationId: delete-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID + tags: + - Elastic Agents + get: + operationId: get-agent + parameters: + - $ref: '#/components/parameters/Fleet_with_metrics' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create a shared exception list + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID tags: - - Security Exceptions API - /api/fleet/agent_download_sources: - get: - description: List agent binary download sources - operationId: get-fleet-agent-download-sources + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + tags: + items: + type: string + type: array + user_provided_metadata: + type: object + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - type: array - page: - type: number - perPage: - type: number - total: - type: number + item: + $ref: '#/components/schemas/Fleet_agent' required: - - items - - total - - page - - perPage + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/actions': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: new-agent-action + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + $ref: '#/components/schemas/Fleet_agent_action' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + body: + items: + type: number + type: array + headers: type: string statusCode: type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action tags: - - Elastic Agent binary download sources + - Elastic Agent actions + '/api/fleet/agents/{agentId}/reassign': + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: Create agent binary download source - operationId: post-fleet-agent-download-sources + operationId: reassign-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: + policy_id: type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true + required: + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + put: + deprecated: true + operationId: reassign-agent-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + policy_id: type: string required: - - name - - host + - policy_id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/request_diagnostics': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: request-diagnostics-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + actionId: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics tags: - - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: - delete: - description: Delete agent binary download source by ID - operationId: delete-fleet-agent-download-sources-sourceid + - Elastic Agents + '/api/fleet/agents/{agentId}/unenroll': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: unenroll-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + revoke: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - id: - type: string - required: - - id + description: OK '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -9598,13656 +5599,4930 @@ paths: message: type: string statusCode: + enum: + - 400 type: number - required: - - message - summary: '' + description: BAD REQUEST + summary: Unenroll agent tags: - - Elastic Agent binary download sources - get: - description: Get agent binary download source by ID - operationId: get-fleet-agent-download-sources-sourceid + - Elastic Agents + '/api/fleet/agents/{agentId}/upgrade': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: upgrade-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: sourceId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent tags: - - Elastic Agent binary download sources - put: - description: Update agent binary download source by ID - operationId: put-fleet-agent-download-sources-sourceid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string - required: - - name - - host + - Elastic Agents + '/api/fleet/agents/{agentId}/uploads': + get: + operationId: list-agent-uploads responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + body: type: object properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item + item: + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + type: array + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /api/fleet/agents/action_status: get: - description: List agent policies - operationId: get-fleet-agent-policies + operationId: agents-action-status parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - description: use withAgentCount instead - in: query - name: noAgentCount - required: false - schema: - deprecated: true - type: boolean - - description: get policies with agent count - in: query - name: withAgentCount - required: false - schema: - type: boolean - - description: get full policies with package policies populated - in: query - name: full - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' - in: query - name: format - required: false + name: errorSize schema: - enum: - - simplified - - legacy - type: string + default: 5 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - additionalProperties: false type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true + actionId: + type: string + cancellationTime: type: string - description: + completionTime: type: string - download_source_id: - nullable: true + creationTime: + description: creation time of action type: string - fleet_server_host_id: - nullable: true + expiration: type: string - global_data_tags: + latestErrors: description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + latest errors that happened when the agents executed + the action items: - additionalProperties: false type: object properties: - name: + agentId: + type: string + error: + type: string + timestamp: type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 + nbAgentsAck: + description: number of agents that acknowledged the action type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) type: string - namespace: - minLength: 1 + policyId: + description: policy id (POLICY_CHANGE action) type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array revision: - type: number - schema_version: + description: new policy revision (POLICY_CHANGE action) + type: string + startTime: + description: start time of action (scheduled actions) type: string - space_ids: - items: - type: string - type: array status: enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION type: string version: + description: agent version number (UPGRADE action) type: string required: - - id - - name - - namespace - - is_managed - - is_protected + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed - status - - updated_at - - updated_by - - revision + - creationTime + - type type: array - page: - type: number - perPage: - type: number - total: - type: number required: - items - - total - - page - - perPage + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status + tags: + - Elastic Agent actions + '/api/fleet/agents/actions/{actionId}/cancel': + parameters: + - in: path + name: actionId + required: true + schema: + type: string + post: + operationId: agent-action-cancel + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - Elastic Agent policies + - Elastic Agent actions + /api/fleet/agents/bulk_reassign: post: - description: Create an agent policy - operationId: post-fleet-agent-policies + operationId: bulk-reassign-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: sys_monitoring - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: - additionalProperties: false type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true + type: array + policy_id: + description: new agent policy id type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + required: + - policy_id + - agents + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents + tags: + - Elastic Agents + /api/fleet/agents/bulk_request_diagnostics: + post: + operationId: bulk-request-diagnostics + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + schema: + type: object + properties: + additional_metrics: items: - additionalProperties: false - type: object - properties: - name: + oneOf: + - enum: + - CPU type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces + required: + - agents + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + actionId: type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents + tags: + - Elastic Agents + /api/fleet/agents/bulk_unenroll: + post: + operationId: bulk-unenroll-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + force: false + revoke: true + schema: + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: + - description: list of agent IDs + items: + type: string + type: array + force: + description: Unenrolls hosted agents too type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: - type: string - type: array - supports_agentless: - default: false + includeInactive: description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents type: boolean - unenroll_timeout: - minimum: 0 - type: number required: - - name - - namespace + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: + actionId: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: + - Elastic Agents + /api/fleet/agents/bulk_update_agent_tags: post: - description: Bulk get agent policies - operationId: post-fleet-agent-policies-bulk-get + operationId: bulk-update-agent-tags parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag schema: - additionalProperties: false type: object properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + tagsToAdd: + items: + type: string + type: array + tagsToRemove: items: type: string type: array - ignoreMissing: - type: boolean required: - - ids + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - required: - - items + actionId: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags + tags: + - Elastic Agents + /api/fleet/agents/bulk_upgrade: + post: + operationId: bulk-upgrade-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 + schema: + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + actionId: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: - get: - description: Get an agent policy by ID - operationId: get-fleet-agent-policies-agentpolicyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - Elastic Agents + '/api/fleet/agents/files/{fileId}': + delete: + operationId: delete-agent-upload-file responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + body: type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: + deleted: type: boolean id: type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + '/api/fleet/agents/files/{fileId}/{fileName}': + get: + operationId: get-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent tags: - - Elastic Agent policies - put: - description: Update an agent policy by ID - operationId: put-fleet-agent-policies-agentpolicyid + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /api/fleet/agents/setup: + get: + operationId: get-agents-setup-status + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent setup info + tags: + - Elastic Agents + post: + operationId: setup-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 + admin_password: type: string - namespace: - minLength: 1 + admin_username: type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number required: - - name - - namespace + - admin_username + - admin_password + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup + tags: + - Elastic Agents + /api/fleet/agents/tags: + get: + operationId: get-agent-tags + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags + tags: + - Elastic Agents + /api/fleet/data_streams: + get: + operationId: data-streams-list responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /api/fleet/enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: type: number required: - - message - summary: '' + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: + - Fleet enrollment API keys post: - description: Copy an agent policy by ID - operationId: post-fleet-agent-policies-agentpolicyid-copy + operationId: create-enrollment-api-keys parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - description: - type: string name: - minLength: 1 + description: The name of the enrollment API key. Must be unique. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. type: string required: - - name + - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: + action: + enum: + - created + type: string item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/api/fleet/enrollment_api_keys/{keyId}': + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + action: + enum: + - deleted type: string - statusCode: - type: number required: - - message - summary: '' + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Revoke enrollment API key by ID by marking it as inactive tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: + - Fleet enrollment API keys get: - description: Download an agent policy by ID - operationId: get-fleet-agent-policies-agentpolicyid-download - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean + operationId: get-enrollment-api-key responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' required: - - message - '404': + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - description: Get a full agent policy by ID - operationId: get-fleet-agent-policies-agentpolicyid-full - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + deprecated: true + operationId: create-enrollment-api-keys-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: + action: + enum: + - created + type: string item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - sourceURI: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - monitoring: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - download - - features - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - proxy_headers - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - namespaces: - items: - type: string - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - type: - type: string - required: - - type - - proxy_headers - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/api/fleet/enrollment-api-keys/{keyId}': + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + action: + enum: + - deleted type: string - statusCode: - type: number required: - - message - summary: '' + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/outputs: + - Fleet enrollment API keys get: - description: Get list of outputs associated with agent policy by policy id - operationId: get-fleet-agent-policies-agentpolicyid-outputs - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string + deprecated: true + operationId: get-enrollment-api-key-deprecated responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data + $ref: '#/components/schemas/Fleet_enrollment_api_key' required: - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID tags: - - Elastic Agent policies - /api/fleet/agent_policies/delete: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/epm/bulk_assets: post: - description: Delete agent policy by ID - operationId: post-fleet-agent-policies-delete - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: bulk-get-assets requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agentPolicyId: - type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array required: - - agentPolicyId + - assetIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: + get: + operationId: get-package-categories + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories tags: - - Elastic Agent policies - /api/fleet/agent_policies/outputs: - post: - description: Get list of outputs associated with agent policies - operationId: post-fleet-agent-policies-outputs + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /api/fleet/epm/packages: + get: + operationId: list-all-packages parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + default: false + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: category schema: - example: 'true' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - required: - - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - type: array - required: - - items + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: List packages tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - description: Get agent status summary - operationId: get-fleet-agent-status + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover schema: - deprecated: true - type: string + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - results: - additionalProperties: false + _meta: type: object properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - other: - type: number - total: - deprecated: true - type: number - unenrolled: - type: number - updating: - type: number - required: - - events - - total - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active + install_source: + enum: + - upload + - registry + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array required: - - results + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgkey}': + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array required: - - message - summary: '' + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage tags: - - Elastic Agent status - /api/fleet/agent_status/data: + - Elastic Package Manager (EPM) get: - description: Get incoming agent data - operationId: get-fleet-agent-status-data + deprecated: true + operationId: get-package-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: path + name: pkgkey + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - in: query - name: agentsIds + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey required: true schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: previewData - required: false + type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover schema: default: false type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - dataPreview: - items: {} - type: array - items: + response: items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type type: array required: - - items - - dataPreview + - response + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}': + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array required: - - message - summary: '' + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package tags: - - Elastic Agents - /api/fleet/agent-status: - get: - operationId: get-fleet-agent-status-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/agents: + - Elastic Package Manager (EPM) get: - description: List agents - operationId: get-fleet-agents + operationId: get-package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - - in: query - name: showUpgradeable - required: false + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors schema: default: false type: boolean - - in: query - name: getStatusSummary - required: false + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover schema: default: false type: boolean - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string items: items: - additionalProperties: false type: object properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string id: type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type required: - id - - packages - type - - active - - enrolled_at - - local_metadata type: array - list: - deprecated: true + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: items: - additionalProperties: false type: object properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: + id: type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type required: - id - - packages - type - - active - - enrolled_at - - local_metadata type: array - page: - type: number - perPage: - type: number - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number required: - items - - total - - page - - perPage + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + get: + operationId: packages-get-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string + body: + type: object + headers: + type: object statusCode: type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file tags: - - Elastic Agents + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': post: - description: List agents by action ids - operationId: post-fleet-agents + description: '' + operationId: reauthorize-transforms parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - in: path + name: pkgVersion required: true schema: - example: 'true' type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionIds: + transforms: items: - type: string + type: object + properties: + transformId: + type: string type: array - required: - - actionIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - type: string + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error type: array required: - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/stats': + get: + operationId: get-package-stats + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' required: - - message - summary: '' + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package stats tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - description: Delete agent by ID - operationId: delete-fleet-agents-agentid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + /api/fleet/epm/packages/limited: + get: + operationId: list-limited-packages responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - action: - enum: - - deleted - type: string - required: - - action + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + parameters: [] + '/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs': + get: + operationId: get-inputs-template + responses: + '200': + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /api/fleet/epm/verification_key_id: + get: + operationId: packages-get-verification-key-id + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object statusCode: type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID tags: - - Elastic Agents + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/fleet_server_hosts: get: - description: Get agent by ID - operationId: get-fleet-agents-agentid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean + operationId: get-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + post: + operationId: post-fleet-server-hosts + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + '/api/fleet/fleet_server_hosts/{itemId}': + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + id: type: string - statusCode: - type: number required: - - message - summary: '' + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID tags: - - Elastic Agents + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string put: - description: Update agent by ID - operationId: put-fleet-agents-agentid + operationId: update-fleet-server-hosts parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - tags: + host_urls: items: type: string type: array - user_provided_metadata: - additionalProperties: {} - type: object + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata + $ref: '#/components/schemas/Fleet_fleet_server_host' required: - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: + - Fleet Server hosts + /api/fleet/health_check: post: - description: Create agent action - operationId: post-fleet-agents-agentid-actions + operationId: fleet-server-health-check parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - action: - anyOf: - - additionalProperties: false - type: object - properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS - type: string - required: - - type - - data + host: + deprecated: true + type: string + id: + type: string required: - - action + - id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: + host: + deprecated: true type: string - message: + id: + description: Fleet Server host id type: string - statusCode: - type: number - required: - - message - summary: '' + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/reassign: - post: - description: Reassign agent - operationId: post-fleet-agents-agentid-reassign + - Fleet internals + /api/fleet/kubernetes: + get: + operationId: get-full-k8s-manifest parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: download + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + type: boolean + - in: query + name: fleetServer + required: false schema: - example: 'true' type: string - - in: path - name: agentId - required: true + - in: query + name: enrolToken + required: false schema: type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + item: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest tags: - - Elastic Agent actions - put: - operationId: put-fleet-agents-agentid-reassign - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/agents/{agentId}/request_diagnostics: + - Fleet Kubernetes + /api/fleet/logstash_api_keys: post: - description: Request agent diagnostics - operationId: post-fleet-agents-agentid-request-diagnostics + operationId: generate-logstash-api-key parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: + api_key: type: string - required: - - actionId + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /api/fleet/outputs: + get: + operationId: get-outputs + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/unenroll: - post: - description: Unenroll agent - operationId: post-fleet-agents-agentid-unenroll - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: {} - summary: '' + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/upgrade: + - Fleet outputs post: - description: Upgrade agent - operationId: post-fleet-agents-agentid-upgrade - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + operationId: post-outputs requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: - type: string - version: - type: string - required: - - version + $ref: '#/components/schemas/Fleet_output_create_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: {} + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + '/api/fleet/outputs/{outputId}': + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + id: type: string - statusCode: - type: number required: - - message - summary: '' + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/uploads: + - Fleet outputs get: - description: List agent uploads - operationId: get-fleet-agents-agentid-uploads - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string + operationId: get-output responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId - type: array - required: - - items + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + put: + operationId: update-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID + tags: + - Fleet outputs + '/api/fleet/outputs/{outputId}/health': + get: + operationId: get-output-health + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string message: + description: long message if unhealthy type: string - statusCode: - type: number - required: - - message - summary: '' + state: + description: 'state of output, HEALTHY or DEGRADED' + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health tags: - - Elastic Agents - /api/fleet/agents/action_status: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /api/fleet/package_policies: get: - description: Get agent action status - operationId: get-fleet-agents-action-status + operationId: get-package-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 0 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: date - required: false - schema: - type: string - - in: query - name: latest - required: false - schema: - type: number - - in: query - name: errorSize - required: false - schema: - default: 5 - type: number + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - latestErrors: - items: - additionalProperties: false - description: >- - latest errors that happened when the agents - executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime + $ref: '#/components/schemas/Fleet_package_policy' type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: + - Fleet package policies + /api/fleet/package_policies/_bulk_get: post: - description: Cancel agent action - operationId: post-fleet-agents-actions-actionid-cancel + operationId: bulk-get-package-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: actionId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array required: - - item + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get package policies + tags: + - Fleet package policies + '/api/fleet/package_policies/{packagePolicyId}': + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + id: type: string - statusCode: - type: number required: - - message - summary: '' + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID tags: - - Elastic Agent actions - /api/fleet/agents/available_versions: + - Fleet package policies get: - description: Get available agent versions - operationId: get-fleet-agents-available-versions + operationId: get-package-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - $ref: '#/components/parameters/Fleet_format' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - type: string - type: array + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - items + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID tags: - - Elastic Agents - /api/fleet/agents/bulk_reassign: + - Fleet package policies + /api/fleet/package_policies/delete: post: - description: Bulk reassign agents - operationId: post-fleet-agents-bulk-reassign + operationId: post-delete-package-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false + force: type: boolean - policy_id: - type: string + packagePolicyIds: + items: + type: string + type: array required: - - policy_id - - agents + - packagePolicyIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy tags: - - Elastic Agent actions - /api/fleet/agents/bulk_request_diagnostics: + - Fleet package policies + /api/fleet/package_policies/upgrade: post: - description: Bulk request diagnostics from agents - operationId: post-fleet-agents-bulk-request-diagnostics - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: upgrade-package-policy requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - additional_metrics: + packagePolicyIds: items: - enum: - - CPU type: string type: array - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number required: - - agents + - packagePolicyIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version tags: - - Elastic Agent actions - /api/fleet/agents/bulk_unenroll: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: post: - description: Bulk unenroll agents - operationId: post-fleet-agents-bulk-unenroll - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: upgrade-package-policy-dry-run requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agents: - anyOf: - - items: - description: KQL query string, leave empty to action all agents - type: string - type: array - - description: list of agent IDs - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string required: - - agents + - packagePolicyIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade tags: - - Elastic Agent actions - /api/fleet/agents/bulk_update_agent_tags: - post: - description: Bulk update agent tags - operationId: post-fleet-agents-bulk-update-agent-tags - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents + - Fleet package policies + /api/fleet/proxies: + get: + operationId: get-fleet-proxies responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: - type: string - required: - - actionId + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: List proxies tags: - - Elastic Agent actions - /api/fleet/agents/bulk_upgrade: + - Fleet proxies post: - description: Bulk upgrade agents - operationId: post-fleet-agents-bulk-upgrade - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: post-fleet-proxies requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: + certificate: + type: string + certificate_authorities: type: string - start_time: + certificate_key: type: string - version: + id: + type: string + name: + type: string + proxy_headers: + type: object + url: type: string required: - - agents - - version + - name + - url responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: - type: string - required: - - actionId + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Create proxy tags: - - Elastic Agent actions - /api/fleet/agents/files/{fileId}: + - Fleet proxies + '/api/fleet/proxies/{itemId}': delete: - description: Delete file uploaded by agent - operationId: delete-fleet-agents-files-fileid + operationId: delete-fleet-proxies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: fileId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - deleted: - type: boolean id: type: string required: - id - - deleted + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_proxies' required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}/{fileName}: - get: - description: Get file uploaded by agent - operationId: get-fleet-agents-files-fileid-filename + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-proxies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: + name: type: string - message: + value: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token tags: - - Elastic Agents - /api/fleet/agents/setup: - get: - description: Get agent setup info - operationId: get-fleet-agents-setup + - Fleet service tokens + /api/fleet/service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: >- - A summary of the agent setup status. `isReady` indicates - whether the setup is ready. If the setup is not ready, - `missing_requirements` lists which requirements are missing. type: object properties: - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: + name: type: string - required: - - isReady - - missing_requirements - - missing_optional_features + value: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/settings: + get: + operationId: get-settings + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + delete_unenrolled_agents: + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: type: string - statusCode: - type: number - required: - - message - summary: '' + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings tags: - - Elastic Agents + - Fleet internals + /api/fleet/setup: post: - description: Initiate agent setup - operationId: post-fleet-agents-setup + operationId: setup parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string message: type: string - statusCode: - type: number - required: - - message - summary: '' + description: Internal Server Error + summary: Initiate Fleet setup tags: - - Elastic Agents - /api/fleet/agents/tags: + - Fleet internals + /api/fleet/uninstall_tokens: get: - description: List agent tags - operationId: get-fleet-agents-tags + operationId: get-uninstall-tokens parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: kuery + - description: The number of items to return + in: query + name: perPage required: false schema: - type: string - - in: query - name: showInactive + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId required: false schema: - default: false - type: boolean + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - type: string + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items + - total + - page + - perPage + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + '/api/fleet/uninstall_tokens/{uninstallTokenId}': + get: + operationId: get-uninstall-token + parameters: + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID tags: - - Elastic Agents - /api/fleet/check-permissions: - get: - description: Check permissions - operationId: get-fleet-check-permissions + - Fleet uninstall tokens + /api/lists: + delete: + operationId: DeleteList parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: List's `id` value + in: query + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_Lists_API_ListId' + - in: query + name: deleteReferences + required: false + schema: + default: false + type: boolean - in: query - name: fleetServerSetup + name: ignoreReferences required: false schema: + default: false type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean - required: - - success + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes a list tags: - - Fleet internals - /api/fleet/data_streams: + - Security Lists API get: - description: List data streams - operationId: get-fleet-data-streams + operationId: ReadList parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: List's `id` value + in: query + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_Lists_API_ListId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - type: array - required: - - data_streams + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Data streams - /api/fleet/enrollment_api_keys: - get: - description: List enrollment API keys - operationId: get-fleet-enrollment-api-keys - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list - '400': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Retrieves a list using its id field tags: - - Fleet enrollment API keys - post: - description: Create enrollment API key - operationId: post-fleet-enrollment-api-keys - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - Security Lists API + patch: + operationId: PatchList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - expiration: + _version: type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - type: string - policy_id: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer required: - - policy_id + - id + description: List's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - description: Revoke enrollment API key by ID by marking it as inactive - operationId: delete-fleet-enrollment-api-keys-keyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - get: - description: Get enrollment API key by ID - operationId: get-fleet-enrollment-api-keys-keyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - '400': + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patches a list tags: - - Fleet enrollment API keys - /api/fleet/enrollment-api-keys: - get: - operationId: get-fleet-enrollment-api-keys-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: {} - summary: '' - tags: [] + - Security Lists API post: - operationId: post-fleet-enrollment-api-keys-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: CreateList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - expiration: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: type: string - policy_id: - type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/enrollment-api-keys/{keyId}: - delete: - operationId: delete-fleet-enrollment-api-keys-keyid-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - get: - operationId: get-fleet-enrollment-api-keys-keyid-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/epm/bulk_assets: - post: - description: Bulk get assets - operationId: post-fleet-epm-bulk-assets - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - name + - description + - type + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Creates a list + tags: + - Security Lists API + put: + operationId: UpdateList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - type: array + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer required: - - assetIds + - id + - name + - description + description: List's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - type: array - required: - - items + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - description: List package categories - operationId: get-fleet-epm-categories - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: include_policy_templates - required: false - schema: - type: boolean - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - additionalProperties: false - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - '400': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/custom_integrations: - post: - description: Create custom integration - operationId: post-fleet-epm-custom-integrations - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - type: array - force: - type: boolean - integrationName: - type: string - required: - - integrationName - - datasets - responses: - '200': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Updates a list tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/data_streams: + - Security Lists API + /api/lists/_find: get: - description: List data streams - operationId: get-fleet-epm-data-streams + operationId: FindLists parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The page number to return + in: query + name: page + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: type + type: integer + - description: The number of lists to return per page + in: query + name: per_page required: false schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: datasetQuery + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field required: false schema: - type: string - - in: query - name: sortOrder + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: 'Determines the sort order, which can be `desc` or `asc`' + in: query + name: sort_order required: false schema: - default: asc enum: - - asc - desc + - asc type: string - - in: query - name: uncategorisedOnly + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor required: false schema: - default: false - type: boolean + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Lists_API_List' type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer required: - - items + - data + - page + - per_page + - total + - cursor + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Finds lists tags: - - Data streams - /api/fleet/epm/packages: - get: - description: List packages - operationId: get-fleet-epm-packages - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: category - required: false - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: excludeInstallStatus - required: false - schema: - type: boolean + - Security Lists API + /api/lists/index: + delete: + operationId: DeleteListIndex responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array - response: - items: - additionalProperties: true - deprecated: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array + acknowledged: + type: boolean required: - - items + - acknowledged + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes list data streams tags: - - Elastic Package Manager (EPM) - post: - description: Install package by upload - operationId: post-fleet-epm-packages - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string + - Security Lists API + get: + operationId: ReadListIndex responses: '200': content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array + list_index: + type: boolean + list_item_index: + type: boolean required: - - items - - _meta + - list_index + - list_item_index + description: Successful response '400': content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream(s) not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list data stream existence status tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: + - Security Lists API post: - description: Bulk install packages - operationId: post-fleet-epm-packages-bulk - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - minItems: 1 - type: array - required: - - packages + operationId: CreateListIndex responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array + acknowledged: + type: boolean required: - - items + - acknowledged + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Creates necessary list data streams tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgkey}: + - Security Lists API + /api/lists/items: delete: - operationId: delete-fleet-epm-packages-pkgkey - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] - get: - operationId: get-fleet-epm-packages-pkgkey + operationId: DeleteListItem parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - - in: query - name: ignoreUnverified + - description: Required if `list_id` and `value` are not specified + in: query + name: id required: false schema: - type: boolean - - in: query - name: prerelease + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id required: false schema: - type: boolean - - in: query - name: full + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value required: false schema: - type: boolean - - in: query - name: withMetadata + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh required: false schema: - default: false - type: boolean - responses: {} - summary: '' - tags: [] - post: - operationId: post-fleet-epm-packages-pkgkey - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' + default: 'false' enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: + - 'true' + - 'false' + - wait_for type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] - put: - operationId: put-fleet-epm-packages-pkgkey + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes a list item + tags: + - Security Lists API + get: + operationId: ReadListItem parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false schema: type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Gets a list item + tags: + - Security Lists API + patch: + operationId: PatchListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - keepPoliciesUpToDate: - type: boolean + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - - keepPoliciesUpToDate - responses: {} - summary: '' - tags: [] - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - description: Delete package - operationId: delete-fleet-epm-packages-pkgname-pkgversion - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean + - id + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patches a list item + tags: + - Security Lists API + post: + operationId: CreateListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - nullable: true type: object properties: - force: - type: boolean + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - - force + - list_id + - value + description: List item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Creates a list item tags: - - Elastic Package Manager (EPM) - get: - description: Get package - operationId: get-fleet-epm-packages-pkgname-pkgversion + - Security Lists API + put: + operationId: UpdateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Updates a list item + tags: + - Security Lists API + /api/lists/items/_export: + post: + description: Exports list item values from the specified list + operationId: ExportListItems parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName + - description: List's id to export + in: query + name: list_id required: true schema: - type: string - - in: path - name: pkgVersion + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: A `.txt` file containing list items from the specified list + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Exports list items + tags: + - Security Lists API + /api/lists/items/_find: + get: + operationId: FindListItems + parameters: + - description: List's id + in: query + name: list_id required: true schema: - type: string - - in: query - name: ignoreUnverified + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: The page number to return + in: query + name: page required: false schema: - type: boolean - - in: query - name: prerelease + type: integer + - description: The number of list items to return per page + in: query + name: per_page required: false schema: - type: boolean - - in: query - name: full + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field required: false schema: - type: boolean - - in: query - name: withMetadata + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: 'Determines the sort order, which can be `desc` or `asc`' + in: query + name: sort_order required: false schema: - default: false - type: boolean + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets + cursor: + $ref: >- + #/components/schemas/Security_Lists_API_FindListItemsCursor + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer required: - - item + - data + - page + - per_page + - total + - cursor + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Finds list items tags: - - Elastic Package Manager (EPM) + - Security Lists API + /api/lists/items/_import: post: - description: Install package from registry - operationId: post-fleet-epm-packages-pkgname-pkgversion + description: > + Imports a list of items from a `.txt` or `.csv` file. The maximum file + size is 9 million bytes. + + + You can import items to a new or existing list. + operationId: ImportListItems parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - description: | + List's id. + + Required when importing to an existing list. + in: query + name: list_id + required: false schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: > + Type of the importing list. + + + Required when importing a new list that is `list_id` is not + specified. + in: query + name: type + required: false schema: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListType' - in: query - name: prerelease + name: serializer required: false schema: - type: boolean + type: string - in: query - name: ignoreMappingUpdateErrors + name: deserializer required: false schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh required: false schema: - default: false - type: boolean + enum: + - 'true' + - 'false' + - wait_for + type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - nullable: true type: object properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean + file: + description: >- + A `.txt` or `.csv` file containing newline separated list + items + format: binary + type: string + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List with specified list_id does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Imports list items + tags: + - Security Lists API + /api/lists/privileges: + get: + operationId: ReadListPrivileges + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' required: - - message - summary: '' + - lists + - listItems + - is_authenticated + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Gets list privileges tags: - - Elastic Package Manager (EPM) - put: - description: Update package settings - operationId: put-fleet-epm-packages-pkgname-pkgversion + - Security Lists API + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models. This API runs automatically when you start Kibana and + periodically thereafter. + operationId: mlSync parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync machine learning saved objects + tags: + - ml + /api/note: + delete: + operationId: DeleteNote requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate + oneOf: + - nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + - nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + description: The id of the note to delete. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: true + data: type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + description: Indicates the note was successfully deleted. + summary: Deletes a note from a timeline. tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: + - Security Timeline API + - 'access:securitySolution' get: - description: Get package file - operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath + description: Gets notes + operationId: GetNotes parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: documentIds schema: - default: '2023-10-31' - enum: - - '2023-10-31' + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' + - in: query + name: savedObjectIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + - in: query + name: page + schema: + nullable: true type: string - - in: path - name: pkgName - required: true + - in: query + name: perPage schema: + nullable: true type: string - - in: path - name: pkgVersion - required: true + - in: query + name: search schema: + nullable: true type: string - - in: path - name: filePath - required: true + - in: query + name: sortField schema: + nullable: true type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: - post: - description: Authorize transforms - operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - in: query + name: sortOrder schema: - example: 'true' + nullable: true type: string - - in: path - name: pkgName - required: true + - in: query + name: filter schema: + nullable: true type: string - - in: path - name: pkgVersion - required: true + - in: query + name: createdByFilter schema: + nullable: true type: string - in: query - name: prerelease - required: false + name: associatedFilter schema: - type: boolean + $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object + description: Indicates the requested notes were returned. + summary: Get all notes for a given document. + tags: + - Security Timeline API + - 'access:securitySolution' + patch: + operationId: PersistNoteRoute requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - type: array + eventDataView: + nullable: true + type: string + eventIngested: + nullable: true + type: string + eventTimestamp: + nullable: true + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + noteId: + nullable: true + type: string + overrideOwner: + nullable: true + type: boolean + version: + nullable: true + type: string required: - - transforms + - note + description: The note to persist or update along with additional metadata. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + data: + type: object + properties: + persistNote: + $ref: >- + #/components/schemas/Security_Timeline_API_ResponseNote + required: + - persistNote required: - - message - summary: '' + - data + description: Indicates the note was successfully created. + summary: Persists a note to a timeline. tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: + - Security Timeline API + - 'access:securitySolution' + /api/osquery/live_queries: get: - description: Get package stats - operationId: get-fleet-epm-packages-pkgname-stats + description: Get a list of all live queries. + operationId: OsqueryFindLiveQueries parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName + - in: query + name: query required: true schema: - type: string + $ref: >- + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - required: - - agent_policy_count - required: - - response - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live queries + tags: + - Security Osquery API + post: + description: Create and run a live query. + operationId: OsqueryCreateLiveQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a live query tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/installed: + - Security Osquery API + '/api/osquery/live_queries/{id}': get: - description: Get installed packages - operationId: get-fleet-epm-packages-installed + description: Get the details of a live query using the query ID. + operationId: OsqueryGetLiveQueryDetails parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: dataStreamType - required: false + - in: path + name: id + required: true schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: query - name: showOnlyActiveDataStreams - required: false + name: query schema: - type: boolean - - in: query - name: nameQuery - required: false + additionalProperties: true + type: object + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query details + tags: + - Security Osquery API + '/api/osquery/live_queries/{id}/results/{actionId}': + get: + description: Get the results of a live query using the query action ID. + operationId: OsqueryGetLiveQueryResults + parameters: + - in: path + name: id + required: true schema: - type: string - - in: query - name: searchAfter - required: false + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: path + name: actionId + required: true schema: - items: - anyOf: - - type: string - - type: number - type: array + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: query - name: perPage - required: false + name: query + required: true schema: - default: 15 - type: number + $ref: >- + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query results + tags: + - Security Osquery API + /api/osquery/packs: + get: + description: Get a list of all query packs. + operationId: OsqueryFindPacks + parameters: - in: query - name: sortOrder - required: false + name: query + required: true schema: - default: asc - enum: - - asc - - desc - type: string + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - type: array - total: - type: number - required: - - items - - total - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get packs + tags: + - Security Osquery API + post: + description: Create a query pack. + operationId: OsqueryCreatePacks + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a pack tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/limited: - get: - description: Get limited package list - operationId: get-fleet-epm-packages-limited + - Security Osquery API + '/api/osquery/packs/{id}': + delete: + description: Delete a query pack using the pack ID. + operationId: OsqueryDeletePacks parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: path + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - response: - deprecated: true - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a pack tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: + - Security Osquery API get: - description: Get inputs template - operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs + description: Get the details of a query pack using the pack ID. + operationId: OsqueryGetPacksDetails parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion + name: id required: true schema: - type: string - - in: query - name: format - required: false - schema: - default: json - enum: - - json - - yml - - yaml - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - required: - - id - - type - type: array - required: - - inputs - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get pack details + tags: + - Security Osquery API + put: + description: | + Update a query pack using the pack ID. + > info + > You cannot update a prebuilt pack. + operationId: OsqueryUpdatePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a pack tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/verification_key_id: + - Security Osquery API + /api/osquery/saved_queries: get: - description: Get a package signature verification key ID - operationId: get-fleet-epm-verification-key-id + description: Get a list of all saved queries. + operationId: OsqueryFindSavedQueries parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: query + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: >- + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - id: - nullable: true - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved queries tags: - - Elastic Package Manager (EPM) - /api/fleet/fleet_server_hosts: - get: - description: List Fleet Server hosts - operationId: get-fleet-fleet-server-hosts - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - Security Osquery API + post: + description: Create and run a saved query. + operationId: OsqueryCreateSavedQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a saved query + tags: + - Security Osquery API + '/api/osquery/saved_queries/{id}': + delete: + description: Delete a saved query using the query ID. + operationId: OsqueryDeleteSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a saved query tags: - - Fleet Server hosts - post: - description: Create Fleet Server host - operationId: post-fleet-fleet-server-hosts + - Security Osquery API + get: + description: Get the details of a saved query using the query ID. + operationId: OsqueryGetSavedQueryDetails parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: path + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved query details + tags: + - Security Osquery API + put: + description: | + Update a saved query using the query ID. + > info + > You cannot update a prebuilt saved query. + operationId: OsqueryUpdateSavedQuery + parameters: + - in: path + name: id required: true schema: - example: 'true' - type: string + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a saved query + tags: + - Security Osquery API + /api/pinned_event: + patch: + operationId: PersistPinnedEventRoute requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: + eventId: type: string - proxy_id: + pinnedEventId: nullable: true type: string + timelineId: + type: string required: - - name - - host_urls + - eventId + - timelineId + description: The pinned event to persist or update along with additional metadata. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + data: type: object properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string + persistPinnedEventOnTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number + - persistPinnedEventOnTimeline required: - - message - summary: '' + - data + description: Indicate the event was successfully pinned in the timeline. + summary: Persists a pinned event to a timeline. tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: + - Security Timeline API + - 'access:securitySolution' + /api/risk_score/engine/dangerously_delete_data: delete: - description: Delete Fleet Server host by ID - operationId: delete-fleet-fleet-server-hosts-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - id: - type: string - required: - - id + cleanup_successful: + type: boolean + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + description: Unexpected error + summary: Cleanup the Risk Engine tags: - - Fleet Server hosts - get: - description: Get Fleet Server host by ID - operationId: get-fleet-fleet-server-hosts-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string + - Security Entity Analytics API + /api/risk_score/engine/schedule_now: + post: + operationId: ScheduleRiskEngineNow + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: {} responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + description: Unexpected error + summary: Schedule the risk engine to run as soon as possible tags: - - Fleet Server hosts - put: - description: Update Fleet Server host by ID - operationId: put-fleet-fleet-server-hosts-itemid + - Security Entity Analytics API + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_request schema: - additionalProperties: false type: object properties: - host_urls: - items: - type: string - minItems: 1 - type: array - is_default: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. type: boolean - is_internal: + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - proxy_id + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_response schema: - additionalProperties: false + additionalProperties: true type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Export saved objects tags: - - Fleet Server hosts - /api/fleet/health_check: + - saved objects + /api/saved_objects/_import: post: - description: Check Fleet Server health - operationId: post-fleet-health-check + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false schema: - example: 'true' - type: string + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_request schema: - additionalProperties: false type: object properties: - host: - format: uri - type: string - id: - type: string - required: - - id + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_response schema: - additionalProperties: false - type: object - properties: - host: - deprecated: true - type: string - host_id: - type: string - name: - type: string - status: - type: string - required: - - status - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Import saved objects tags: - - Fleet internals - /api/fleet/kubernetes: - get: - description: Get full K8s agent manifest - operationId: get-fleet-kubernetes - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/security_ai_assistant/anonymization_fields/_bulk_action: + post: + description: >- + Apply a bulk action to multiple anonymization fields. The bulk action is + applied to all anonymization fields that match the filter or to the list + of anonymization fields by their IDs. + operationId: PerformAnonymizationFieldsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of anonymization fields IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter anonymization fields + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - type: string - required: - - item + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -23256,66 +10531,86 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Apply a bulk action to anonymization fields tags: - - Elastic Agent policies - /api/fleet/kubernetes/download: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/anonymization_fields/_find: get: - operationId: get-fleet-kubernetes-download + description: Get a list of all anonymization fields. + operationId: FindAnonymizationFields parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query - name: download + name: fields required: false schema: - type: boolean - - in: query - name: fleetServer + items: + type: string + type: array + - description: Search query + in: query + name: filter required: false schema: type: string - - in: query - name: enrolToken + - description: Field to sort by + in: query + name: sort_field required: false schema: - type: string + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: AnonymizationFields per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer required: - - message - '404': + - page + - perPage + - total + - data + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -23324,49 +10619,33 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Get anonymization fields tags: - - Elastic Agent policies - /api/fleet/logstash_api_keys: + - Security AI Assistant API + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: post: - description: Generate Logstash API key - operationId: post-fleet-logstash-api-keys - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + description: Create a model response for the given chat conversation. + operationId: ChatComplete + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' + required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/octet-stream; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - api_key: - type: string - required: - - api_key + format: binary + type: string + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -23375,55 +10654,122 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Create a model response tags: - - Fleet outputs - /api/fleet/message_signing_service/rotate_key_pair: + - Security AI Assistant API + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: post: - description: Rotate fleet message signing key pair - operationId: post-fleet-message-signing-service-rotate-key-pair - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: + get: + description: Get a list of all conversations for the current user. + operationId: FindConversations + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false schema: - example: 'true' type: string - - in: query - name: acknowledge + - description: Field to sort by + in: query + name: sort_field required: false schema: - default: false - type: boolean + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Conversations per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - message: - type: string + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer required: - - message + - page + - perPage + - total + - data + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -23432,14 +10778,34 @@ paths: type: string statusCode: type: number - required: - - message - '500': + description: Generic Error + summary: Get conversations + tags: + - Security AI Assistant API + - Conversations API + '/api/security_ai_assistant/current_user/conversations/{id}': + delete: + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -23448,755 +10814,75 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Delete a conversation tags: - - Message Signing Service - /api/fleet/outputs: + - Security AI Assistant API + - Conversation API get: - description: List outputs - operationId: get-fleet-outputs + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The conversation's `id` value. + in: path + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: type: object properties: - items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - type: array - page: - type: number - perPage: - type: number - total: + error: + type: string + message: + type: string + statusCode: type: number - required: - - items - - total - - page - - perPage + description: Generic Error + summary: Get a conversation + tags: + - Security AI Assistant API + - Conversations API + put: + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -24205,12970 +10891,161 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Update a conversation tags: - - Fleet outputs + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: post: - description: Create output - operationId: post-fleet-outputs - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - additionalProperties: false + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: type: object properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: + ids: + description: Array of prompts IDs items: - format: uri type: string minItems: 1 type: array - id: + query: + description: Query to filter promps type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - description: Delete output by ID - operationId: delete-fleet-outputs-outputid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - get: - description: Get output by ID - operationId: get-fleet-outputs-outputid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - put: - description: Update output by ID - operationId: put-fleet-outputs-outputid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: - get: - description: Get latest output health - operationId: get-fleet-outputs-outputid-health - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/package_policies: - get: - description: List package policies - operationId: get-fleet-package-policies - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - - in: query - name: withAgentCount - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - post: - description: Create package policy - operationId: post-fleet-package-policies - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - description: >- - Force package policy creation even if package is not - verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - description: >- - You should use inputs as an object and not use the deprecated - inputs array. - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: - post: - description: Bulk get package policies - operationId: post-fleet-package-policies-bulk-get - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - description: Delete package policy by ID - operationId: delete-fleet-package-policies-packagepolicyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - get: - description: Get package policy by ID - operationId: get-fleet-package-policies-packagepolicyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - put: - description: Update package policy by ID - operationId: put-fleet-package-policies-packagepolicyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - description: Bulk delete package policies - operationId: post-fleet-package-policies-delete - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - description: Upgrade package policy to a newer package version - operationId: post-fleet-package-policies-upgrade - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - description: Dry run package policy upgrade - operationId: post-fleet-package-policies-upgrade-dryrun - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: - type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - type: array - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default - to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are - available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - type: array - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - name - - enabled - - inputs - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/proxies: - get: - description: List proxies - operationId: get-fleet-proxies - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - post: - description: Create proxy - operationId: post-fleet-proxies - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - url - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: - delete: - description: Delete proxy by ID - operationId: delete-fleet-proxies-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - get: - description: Get proxy by ID - operationId: get-fleet-proxies-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - put: - description: Update proxy by ID - operationId: put-fleet-proxies-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - proxy_headers - - certificate_authorities - - certificate - - certificate_key - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - description: Create a service token - operationId: post-fleet-service-tokens - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - remote: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - name: - type: string - value: - type: string - required: - - name - - value - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet service tokens - /api/fleet/service-tokens: - post: - description: Create a service token - operationId: post-fleet-service-tokens-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/settings: - get: - description: Get settings - operationId: get-fleet-settings - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - put: - description: Update settings - operationId: put-fleet-settings - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - format: uri - type: string - type: array - has_seen_add_data_notice: - type: boolean - kibana_ca_sha256: - type: string - kibana_urls: - items: - format: uri - type: string - type: array - prerelease_integrations_enabled: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/setup: - post: - description: Initiate Fleet setup - operationId: post-fleet-setup - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet internals - /api/fleet/uninstall_tokens: - get: - description: List metadata for latest uninstall tokens per agent policy - operationId: get-fleet-uninstall-tokens - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Partial match filtering for policy IDs - in: query - name: policyId - required: false - schema: - maxLength: 50 - type: string - - in: query - name: search - required: false - schema: - maxLength: 50 - type: string - - description: The number of items to return - in: query - name: perPage - required: false - schema: - minimum: 5 - type: number - - in: query - name: page - required: false - schema: - minimum: 1 - type: number - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: - get: - description: Get one decrypted uninstall token by its ID - operationId: get-fleet-uninstall-tokens-uninstalltokenid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: uninstallTokenId - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet uninstall tokens - /api/lists: - delete: - description: | - Delete a list using the list ID. - > info - > When you delete a list, all of its list items are also deleted. - operationId: DeleteList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list - tags: - - Security Lists API - get: - description: Get the details of a list using the list ID. - operationId: ReadList - parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list details - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list using the list ID. - operationId: PatchList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list - tags: - - Security Lists API - post: - description: Create a new list. - operationId: CreateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list - tags: - - Security Lists API - put: - description: > - Update a list using the list ID. The original list is replaced, and all - unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - - name - - description - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list - tags: - - Security Lists API - /api/lists/_find: - get: - description: >- - Get a paginated subset of lists. By default, the first page is returned, - with 20 results per page. - operationId: FindLists - parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get lists - tags: - - Security Lists API - /api/lists/index: - delete: - description: Delete the `.lists` and `.items` data streams. - operationId: DeleteListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete list data streams - tags: - - Security Lists API - get: - description: Verify that `.lists` and `.items` data streams exist. - operationId: ReadListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get status of list data streams - tags: - - Security Lists API - post: - description: Create `.lists` and `.items` data streams in the relevant space. - operationId: CreateListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create list data streams - tags: - - Security Lists API - /api/lists/items: - delete: - description: Delete a list item using its `id`, or its `list_id` and `value` fields. - operationId: DeleteListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list item - tags: - - Security Lists API - get: - description: Get the details of a list item. - operationId: ReadListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get a list item - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list item using the list item ID. - operationId: PatchListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list item - tags: - - Security Lists API - post: - description: > - Create a list item and associate it with the specified list. - - - All list items in the same list must be the same type. For example, each - list item in an `ip` list must define a specific IP address. - - > info - - > Before creating a list item, you must create a list. - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list item - tags: - - Security Lists API - put: - description: > - Update a list item using the list item ID. The original list item is - replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list item - tags: - - Security Lists API - /api/lists/items/_export: - post: - description: Export list item values from the specified list. - operationId: ExportListItems - parameters: - - description: List's id to export - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Export list items - tags: - - Security Lists API - /api/lists/items/_find: - get: - description: Get all list items in the specified list. - operationId: FindListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list items - tags: - - Security Lists API - /api/lists/items/_import: - post: - description: > - Import list items from a TXT or CSV file. The maximum file size is 9 - million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems - parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - enum: - - 'true' - - 'false' - - wait_for - type: string - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Import list items - tags: - - Security Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' - required: - - lists - - listItems - - is_authenticated - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list privileges - tags: - - Security Lists API - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects - tags: - - ml - /api/note: - delete: - description: Delete a note from a Timeline using the note ID. - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds - description: The ID of the note to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Delete a note - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get all notes for a given document. - operationId: GetNotes - parameters: - - in: query - name: documentIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - - in: query - name: savedObjectIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' - - in: query - name: page - schema: - nullable: true - type: string - - in: query - name: perPage - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string - - in: query - name: sortOrder - schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - - in: query - name: createdByFilter - schema: - nullable: true - type: string - - in: query - name: associatedFilter - schema: - $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object - description: Indicates the requested notes were returned. - summary: Get notes - tags: - - Security Timeline API - - access:securitySolution - patch: - description: Add a note to a Timeline or update an existing note. - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Add or update a note - tags: - - Security Timeline API - - access:securitySolution - /api/osquery/live_queries: - get: - description: Get a list of all live queries. - operationId: OsqueryFindLiveQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live queries - tags: - - Security Osquery API - post: - description: Create and run a live query. - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Osquery API - /api/osquery/live_queries/{id}: - get: - description: Get the details of a live query using the query ID. - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details - tags: - - Security Osquery API - /api/osquery/live_queries/{id}/results/{actionId}: - get: - description: Get the results of a live query using the query action ID. - operationId: OsqueryGetLiveQueryResults - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: path - name: actionId - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Osquery API - /api/osquery/packs: - get: - description: Get a list of all query packs. - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs - tags: - - Security Osquery API - post: - description: Create a query pack. - operationId: OsqueryCreatePacks - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a pack - tags: - - Security Osquery API - /api/osquery/packs/{id}: - delete: - description: Delete a query pack using the pack ID. - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a pack - tags: - - Security Osquery API - get: - description: Get the details of a query pack using the pack ID. - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get pack details - tags: - - Security Osquery API - put: - description: | - Update a query pack using the pack ID. - > info - > You cannot update a prebuilt pack. - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a pack - tags: - - Security Osquery API - /api/osquery/saved_queries: - get: - description: Get a list of all saved queries. - operationId: OsqueryFindSavedQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved queries - tags: - - Security Osquery API - post: - description: Create and run a saved query. - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Osquery API - /api/osquery/saved_queries/{id}: - delete: - description: Delete a saved query using the query ID. - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a saved query - tags: - - Security Osquery API - get: - description: Get the details of a saved query using the query ID. - operationId: OsqueryGetSavedQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Osquery API - put: - description: | - Update a saved query using the query ID. - > info - > You cannot update a prebuilt saved query. - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a saved query - tags: - - Security Osquery API - /api/pinned_event: - patch: - description: Pin an event to an existing Timeline. - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse - required: - - persistPinnedEventOnTimeline - required: - - data - description: Indicates the event was successfully pinned to the Timeline. - summary: Pin an event - tags: - - Security Timeline API - - access:securitySolution - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API - /api/risk_score/engine/schedule_now: - post: - description: >- - Schedule the risk scoring engine to run as soon as possible. You can use - this to recalculate entity risk scores after updating their asset - criticality. - operationId: ScheduleRiskEngineNow - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: {} - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse - description: Unexpected error - summary: Run the risk scoring engine - tags: - - Security Entity Analytics API - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to anonymization fields - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: - get: - description: Get a list of all anonymization fields. - operationId: FindAnonymizationFields - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a model response - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get conversations - tags: - - Security AI Assistant API - - Conversations API - /api/security_ai_assistant/current_user/conversations/{id}: - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to prompts - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Get a list of all prompts. - operationId: FindPrompts - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get prompts - tags: - - Security AI Assistant API - - Prompts API - /api/security/role: - get: - operationId: get-security-role - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: - '200': - description: Indicates a successful call. - summary: Get all roles - tags: - - roles - /api/security/role/{name}: - delete: - operationId: delete-security-role-name - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a role - tags: - - roles - get: - operationId: get-security-role-name - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The role name. - in: path - name: name - required: true - schema: - minLength: 1 - type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: - '200': - description: Indicates a successful call. - summary: Get a role - tags: - - roles - put: - description: >- - Create a new Kibana role or update the attributes of an existing role. - Kibana roles are stored in the Elasticsearch native realm. - operationId: put-security-role-name - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The role name. - in: path - name: name - required: true - schema: - maxLength: 1024 - minLength: 1 - type: string - - description: When true, a role is not overwritten if it already exists. - in: query - name: createOnly - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: >- - The document fields that the role members have - read access to. - type: string - type: array - type: object - names: - items: - description: >- - The data streams, indices, and aliases to which - the permissions in this entry apply. It supports - wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that the role members - have for the data streams and indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The cluster level privileges for the remote - cluster. The allowed values are a subset of the - cluster privileges. - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - will cover the restricted indices too. - type: boolean - clusters: - items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: >- - The document fields that the role members have - read access to. - type: string - type: array - type: object - names: - items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that role members - have for the specified indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: >- - A base privilege that grants applies to all - spaces. - type: string - type: array - - items: - description: >- - A base privilege that applies to specific - spaces. - type: string - type: array - feature: - additionalProperties: - items: - description: >- - The privileges that the role member has for the - feature. - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - responses: - '204': - description: Indicates a successful call. - summary: Create or update a role - tags: - - roles - /api/security/roles: - post: - operationId: post-security-roles - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field covers the restricted - indices too. - type: boolean - field_security: - additionalProperties: - items: - description: >- - The document fields that the role - members have read access to. - type: string - type: array - type: object - names: - items: - description: >- - The data streams, indices, and aliases to - which the permissions in this entry apply. - It supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that the role - members have for the data streams and - indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role members. - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The cluster level privileges for the - remote cluster. The allowed values are a - subset of the cluster privileges. - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field will cover the restricted - indices too. - type: boolean - clusters: - items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: >- - The document fields that the role - members have read access to. - type: string - type: array - type: object - names: - items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that role - members have for the specified indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role - members. - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - description: >- - A user name that the role member can - impersonate. - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: >- - A base privilege that grants applies to - all spaces. - type: string - type: array - - items: - description: >- - A base privilege that applies to specific - spaces. - type: string - type: array - feature: - additionalProperties: - items: - description: >- - The privileges that the role member has for - the feature. - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles - responses: - '200': - description: Indicates a successful call. - summary: Create or update roles - tags: - - roles - /api/spaces/space: - get: - operationId: get-spaces-space - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: post-spaces-space - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - /api/spaces/space/{id}: - delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: delete-spaces-space-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '404': - description: Indicates that the request failed. - summary: Delete a space - tags: - - spaces - get: - operationId: get-spaces-space-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - description: Indicates a successful call. - summary: Get a space - tags: - - spaces - put: - operationId: put-spaces-space-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - required: - - id - - name + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: array responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse description: Indicates a successful call. - summary: Update a space + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts tags: - - spaces - /api/status: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: get: - operationId: get-status + description: Get a list of all prompts. + operationId: FindPrompts parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: Set to "true" to get the response in v7 format. + - description: Field to sort by in: query - name: v7format + name: sort_field required: false schema: - type: boolean - - description: Set to "true" to get the response in v8 format. + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order in: query - name: v8format + name: sort_order required: false schema: - type: boolean + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts tags: - - system + - Security AI Assistant API + - Prompts API /api/timeline: delete: - description: Delete one or more Timelines or Timeline templates. operationId: DeleteTimelines requestBody: content: @@ -37189,7 +11066,7 @@ paths: type: array required: - savedObjectIds - description: The IDs of the Timelines or Timeline templates to delete. + description: The ids of the timelines or timeline templates to delete. required: true responses: '200': @@ -37207,13 +11084,12 @@ paths: - deleteTimeline required: - data - description: Indicates the Timeline was successfully deleted. - summary: Delete Timelines or Timeline templates + description: Indicates the timeline was successfully deleted. + summary: Deletes one or more timelines or timeline templates. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' get: - description: Get the details of an existing saved Timeline or Timeline template. operationId: GetTimeline parameters: - description: The ID of the template timeline to retrieve @@ -37221,7 +11097,7 @@ paths: name: template_timeline_id schema: type: string - - description: The ID of the Timeline to retrieve. + - description: The ID of the timeline to retrieve in: query name: id schema: @@ -37246,16 +11122,18 @@ paths: - data - additionalProperties: false type: object - description: Indicates that the (template) Timeline was found and returned. - summary: Get Timeline or Timeline template details + description: Indicates that the (template) timeline was found and returned. + summary: >- + Get an existing saved timeline or timeline template. This API is used to + retrieve an existing saved timeline or timeline template. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' patch: description: >- - Update an existing Timeline. You can update the title, description, date - range, pinned events, pinned queries, and/or pinned saved queries of an - existing Timeline. + Updates an existing timeline. This API is used to update the title, + description, date range, pinned events, pinned queries, and/or pinned + saved queries of an existing timeline. operationId: PatchTimeline requestBody: content: @@ -37275,7 +11153,7 @@ paths: - timelineId - version - timeline - description: The Timeline updates, along with the Timeline ID and version. + description: The timeline updates along with the timeline ID and version. required: true responses: '200': @@ -37285,9 +11163,9 @@ paths: $ref: >- #/components/schemas/Security_Timeline_API_PersistTimelineResponse description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. + Indicates that the draft timeline was successfully created. In the + event the user already has a draft timeline, the existing draft + timeline is cleared and returned. '405': content: application/json; Elastic-Api-Version=2023-10-31: @@ -37300,13 +11178,12 @@ paths: type: number description: >- Indicates that the user does not have the required access to create - a draft Timeline. - summary: Update a Timeline + a draft timeline. + summary: Updates an existing timeline. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' post: - description: Create a new Timeline or Timeline template. operationId: CreateTimelines requestBody: content: @@ -37337,7 +11214,7 @@ paths: required: - timeline description: >- - The required Timeline fields used to create a new Timeline, along with + The required timeline fields used to create a new timeline along with optional fields that will be created if not provided. required: true responses: @@ -37347,7 +11224,7 @@ paths: schema: $ref: >- #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates the Timeline was successfully created. + description: Indicates the timeline was successfully created. '405': content: application/json; Elastic-Api-Version=2023-10-31: @@ -37358,11 +11235,11 @@ paths: type: string statusCode: type: number - description: Indicates that there was an error in the Timeline creation. - summary: Create a Timeline or Timeline template + description: Indicates that there was an error in the timeline creation. + summary: Creates a new timeline. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/_copy: get: description: | @@ -37393,13 +11270,9 @@ paths: summary: Copies timeline or timeline template tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/_draft: get: - description: >- - Get the details of the draft Timeline or Timeline template for the - current user. If the user doesn't have a draft Timeline, an empty - Timeline is returned. operationId: GetDraftTimelines parameters: - in: query @@ -37414,10 +11287,10 @@ paths: schema: $ref: >- #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the draft Timeline was successfully retrieved. + description: Indicates that the draft timeline was successfully retrieved. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37426,12 +11299,12 @@ paths: status_code: type: number description: >- - If a draft Timeline was not found and we attempted to create one, it + If a draft timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to - create a draft Timeline. + create a draft timeline. '409': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37440,21 +11313,19 @@ paths: status_code: type: number description: >- - This should never happen, but if a draft Timeline was not found and + This should never happen, but if a draft timeline was not found and we attempted to create one, it indicates that there is already a - draft Timeline with the given `timelineId`. - summary: Get draft Timeline or Timeline template details + draft timeline with the given timelineId. + summary: >- + Retrieves the draft timeline for the current user. If the user does not + have a draft timeline, an empty timeline is returned. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' post: description: > - Create a clean draft Timeline or Timeline template for the current user. - - > info - - > If the user already has a draft Timeline, the existing draft Timeline - is cleared and returned. + Retrieves a clean draft timeline. If a draft timeline does not exist, it + is created and returned. operationId: CleanDraftTimelines requestBody: content: @@ -37467,7 +11338,7 @@ paths: required: - timelineType description: >- - The type of Timeline to create. Valid values are `default` and + The type of timeline to create. Valid values are `default` and `template`. required: true responses: @@ -37478,12 +11349,12 @@ paths: $ref: >- #/components/schemas/Security_Timeline_API_PersistTimelineResponse description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. + Indicates that the draft timeline was successfully created. In the + event the user already has a draft timeline, the existing draft + timeline is cleared and returned. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37493,10 +11364,10 @@ paths: type: number description: >- Indicates that the user does not have the required permissions to - create a draft Timeline. + create a draft timeline. '409': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37505,15 +11376,14 @@ paths: status_code: type: number description: >- - Indicates that there is already a draft Timeline with the given - `timelineId`. - summary: Create a clean draft Timeline or Timeline template + Indicates that there is already a draft timeline with the given + timelineId. + summary: Retrieves a draft timeline or timeline template. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/_export: post: - description: Export Timelines as an NDJSON file. operationId: ExportTimelines parameters: - description: The name of the file to export @@ -37533,16 +11403,16 @@ paths: type: string nullable: true type: array - description: The IDs of the Timelines to export. + description: The ids of the timelines to export required: true responses: '200': content: application/ndjson; Elastic-Api-Version=2023-10-31: schema: - description: NDJSON of the exported Timelines + description: NDJSON of the exported timelines type: string - description: Indicates the Timelines were successfully exported. + description: Indicates the timelines were successfully exported '400': content: application/ndjson; Elastic-Api-Version=2023-10-31: @@ -37553,14 +11423,13 @@ paths: type: string statusCode: type: number - description: Indicates that the export size limit was exceeded. - summary: Export Timelines + description: Indicates that the export size limit was exceeded + summary: Exports timelines as an NDJSON file tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/_favorite: patch: - description: Favorite a Timeline or Timeline template for the current user. operationId: PersistFavoriteRoute requestBody: content: @@ -37585,7 +11454,7 @@ paths: - templateTimelineId - templateTimelineVersion - timelineType - description: The required fields used to favorite a (template) Timeline. + description: The required fields used to favorite a (template) timeline. required: true responses: '200': @@ -37607,7 +11476,7 @@ paths: description: Indicates the favorite status was successfully updated. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37618,13 +11487,12 @@ paths: description: >- Indicates the user does not have the required permissions to persist the favorite status. - summary: Favorite a Timeline or Timeline template + summary: Persists a given users favorite status of a timeline. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/_import: post: - description: Import Timelines. operationId: ImportTimelines requestBody: content: @@ -37640,7 +11508,7 @@ paths: type: string required: - file - description: The Timelines to import as a readable stream. + description: The timelines to import as a readable stream. required: true responses: '200': @@ -37649,7 +11517,7 @@ paths: schema: $ref: >- #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the import of Timelines was successful. + description: Indicates the import of timelines was successful. '400': content: application/json; Elastic-Api-Version=2023-10-31: @@ -37663,7 +11531,7 @@ paths: statusCode: type: number description: >- - Indicates the import of Timelines was unsuccessful because of an + Indicates the import of timelines was unsuccessful because of an invalid file extension. '404': content: @@ -37690,14 +11558,13 @@ paths: type: string statusCode: type: number - description: Indicates the import of Timelines was unsuccessful. - summary: Import Timelines + description: Indicates the import of timelines was unsuccessful. + summary: Imports timelines. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/_prepackaged: post: - description: Install or update prepackaged Timelines. operationId: InstallPrepackedTimelines requestBody: content: @@ -37725,7 +11592,7 @@ paths: - timelinesToInstall - timelinesToUpdate - prepackagedTimelines - description: The Timelines to install or update. + description: The timelines to install or update. required: true responses: '200': @@ -37734,10 +11601,10 @@ paths: schema: $ref: >- #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the installation of prepackaged Timelines was successful. + description: Indicates the installation of prepackaged timelines was successful. '500': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37746,12 +11613,12 @@ paths: statusCode: type: number description: >- - Indicates the installation of prepackaged Timelines was + Indicates the installation of prepackaged timelines was unsuccessful. - summary: Install prepackaged Timelines + summary: Installs prepackaged timelines. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timeline/resolve: get: operationId: ResolveTimeline @@ -37781,18 +11648,17 @@ paths: - data - additionalProperties: false type: object - description: The (template) Timeline has been found + description: The (template) timeline has been found '400': description: The request is missing parameters '404': - description: The (template) Timeline was not found - summary: Get an existing saved Timeline or Timeline template + description: The (template) timeline was not found + summary: Get an existing saved timeline or timeline template. tags: - Security Timeline API - - access:securitySolution + - 'access:securitySolution' /api/timelines: get: - description: Get a list of all saved Timelines or Timeline templates. operationId: GetTimelines parameters: - description: >- @@ -37869,10 +11735,10 @@ paths: required: - timeline - totalCount - description: Indicates that the (template) Timelines were found and returned. + description: Indicates that the (template) timelines were found and returned. '400': content: - application:json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: type: object properties: @@ -37881,11 +11747,13 @@ paths: statusCode: type: number description: Bad request. The user supplied invalid data. - summary: Get Timelines or Timeline templates + summary: >- + This API is used to retrieve a list of existing saved timelines or + timeline templates. tags: - Security Timeline API - - access:securitySolution - /s/{spaceId}/api/observability/slos: + - 'access:securitySolution' + '/s/{spaceId}/api/observability/slos': get: description: > You must have the `read` privileges for the **SLOs** feature in the @@ -37900,7 +11768,7 @@ paths: name: kqlQuery schema: type: string - - description: The page to use for pagination, must be greater or equal than 1 + - description: 'The page to use for pagination, must be greater or equal than 1' example: 1 in: query name: page @@ -38024,11 +11892,11 @@ paths: $ref: '#/components/schemas/SLOs_409_response' description: Conflict - The SLO id already exists servers: - - url: https://localhost:5601 + - url: 'https://localhost:5601' summary: Create an SLO tags: - slo - /s/{spaceId}/api/observability/slos/_delete_instances: + '/s/{spaceId}/api/observability/slos/_delete_instances': post: description: > The deletion occurs for the specified list of `sloId` and `instanceId`. @@ -38066,11 +11934,11 @@ paths: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response servers: - - url: https://localhost:5601 + - url: 'https://localhost:5601' summary: Batch delete rollup and summary data tags: - slo - /s/{spaceId}/api/observability/slos/{sloId}: + '/s/{spaceId}/api/observability/slos/{sloId}': delete: description: > You must have the `write` privileges for the **SLOs** feature in the @@ -38208,7 +12076,7 @@ paths: summary: Update an SLO tags: - slo - /s/{spaceId}/api/observability/slos/{sloId}/_reset: + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': post: description: > You must have the `write` privileges for the **SLOs** feature in the @@ -38252,7 +12120,7 @@ paths: summary: Reset an SLO tags: - slo - /s/{spaceId}/api/observability/slos/{sloId}/disable: + '/s/{spaceId}/api/observability/slos/{sloId}/disable': post: description: > You must have the `write` privileges for the **SLOs** feature in the @@ -38292,7 +12160,7 @@ paths: summary: Disable an SLO tags: - slo - /s/{spaceId}/api/observability/slos/{sloId}/enable: + '/s/{spaceId}/api/observability/slos/{sloId}/enable': post: description: > You must have the `write` privileges for the **SLOs** feature in the @@ -38342,7 +12210,7 @@ components: runtimeFieldMap: runtime_shape_name: script: - source: emit(doc['shape_name'].value) + source: 'emit(doc[''shape_name''].value)' type: keyword title: logstash-* Data_views_create_runtime_field_request: @@ -38351,7 +12219,7 @@ components: name: runtimeFoo runtimeField: script: - source: emit(doc["foo"].value) + source: 'emit(doc["foo"].value)' type: long Data_views_get_data_view_response: summary: >- @@ -38373,35 +12241,35 @@ components: products.base_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.base_unit_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.min_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.taxful_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.taxless_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' taxful_total_price: id: number params: - pattern: $0,0.[00] + pattern: '$0,0.[00]' taxless_total_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' fields: _id: aggregatable: false @@ -38411,53 +12279,202 @@ components: format: id: string isMapped: true - name: _id + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name readFromDocValues: false scripted: false searchable: true shortDotsEnable: false type: string - _index: + customer_full_name.keyword: aggregatable: true count: 0 esTypes: - - _index + - keyword format: id: string isMapped: true - name: _index - readFromDocValues: false + name: customer_full_name.keyword + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + subType: + multi: + parent: customer_full_name type: string - _score: - aggregatable: false + customer_gender: + aggregatable: true count: 0 + esTypes: + - keyword format: - id: number + id: string isMapped: true - name: _score - readFromDocValues: false + name: customer_gender + readFromDocValues: true scripted: false - searchable: false + searchable: true shortDotsEnable: false - type: number - _source: - aggregatable: false + type: string + customer_id: + aggregatable: true count: 0 esTypes: - - _source + - keyword format: - id: _source + id: string isMapped: true - name: _source - readFromDocValues: false + name: customer_id + readFromDocValues: true scripted: false - searchable: false + searchable: true shortDotsEnable: false - type: _source - category: + type: string + customer_last_name: aggregatable: false count: 0 esTypes: @@ -38465,13 +12482,13 @@ components: format: id: string isMapped: true - name: category + name: customer_last_name readFromDocValues: false scripted: false searchable: true shortDotsEnable: false type: string - category.keyword: + customer_last_name.keyword: aggregatable: true count: 0 esTypes: @@ -38479,16 +12496,16 @@ components: format: id: string isMapped: true - name: category.keyword + name: customer_last_name.keyword readFromDocValues: true scripted: false searchable: true shortDotsEnable: false subType: multi: - parent: category + parent: customer_last_name type: string - currency: + customer_phone: aggregatable: true count: 0 esTypes: @@ -38496,41 +12513,55 @@ components: format: id: string isMapped: true - name: currency + name: customer_phone readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - customer_birth_date: + day_of_week: aggregatable: true count: 0 esTypes: - - date + - keyword format: - id: date + id: string isMapped: true - name: customer_birth_date + name: day_of_week readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false + type: string + day_of_week_i: + aggregatable: true count: 0 esTypes: - - text + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword format: id: string isMapped: true - name: customer_first_name - readFromDocValues: false + name: email + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - customer_first_name.keyword: + event.dataset: aggregatable: true count: 0 esTypes: @@ -38538,30 +12569,27 @@ components: format: id: string isMapped: true - name: customer_first_name.keyword + name: event.dataset readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: customer_first_name type: string - customer_full_name: - aggregatable: false + geoip.city_name: + aggregatable: true count: 0 esTypes: - - text + - keyword format: id: string isMapped: true - name: customer_full_name - readFromDocValues: false + name: geoip.city_name + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - customer_full_name.keyword: + geoip.continent_name: aggregatable: true count: 0 esTypes: @@ -38569,16 +12597,13 @@ components: format: id: string isMapped: true - name: customer_full_name.keyword + name: geoip.continent_name readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: customer_full_name type: string - customer_gender: + geoip.country_iso_code: aggregatable: true count: 0 esTypes: @@ -38586,13 +12611,29 @@ components: format: id: string isMapped: true - name: customer_gender + name: geoip.country_iso_code readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - customer_id: + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: aggregatable: true count: 0 esTypes: @@ -38600,13 +12641,13 @@ components: format: id: string isMapped: true - name: customer_id + name: geoip.region_name readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - customer_last_name: + manufacturer: aggregatable: false count: 0 esTypes: @@ -38614,13 +12655,13 @@ components: format: id: string isMapped: true - name: customer_last_name + name: manufacturer readFromDocValues: false scripted: false searchable: true shortDotsEnable: false type: string - customer_last_name.keyword: + manufacturer.keyword: aggregatable: true count: 0 esTypes: @@ -38628,16 +12669,30 @@ components: format: id: string isMapped: true - name: customer_last_name.keyword + name: manufacturer.keyword readFromDocValues: true scripted: false searchable: true shortDotsEnable: false subType: multi: - parent: customer_last_name + parent: manufacturer type: string - customer_phone: + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: aggregatable: true count: 0 esTypes: @@ -38645,13 +12700,27 @@ components: format: id: string isMapped: true - name: customer_phone + name: order_id readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - day_of_week: + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: aggregatable: true count: 0 esTypes: @@ -38659,69 +12728,135 @@ components: format: id: string isMapped: true - name: day_of_week + name: products._id.keyword readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + subType: + multi: + parent: products._id type: string - day_of_week_i: + products.base_price: aggregatable: true count: 0 esTypes: - - integer + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: '$0,0.00' + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date format: - id: number + id: date isMapped: true - name: day_of_week_i + name: products.created_on readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - email: + type: date + products.discount_amount: aggregatable: true count: 0 esTypes: - - keyword + - half_float format: - id: string + id: number isMapped: true - name: email + name: products.discount_amount readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - event.dataset: + type: number + products.discount_percentage: aggregatable: true count: 0 esTypes: - - keyword + - half_float format: - id: string + id: number isMapped: true - name: event.dataset + name: products.discount_percentage readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - geoip.city_name: - aggregatable: true - count: 0 + type: number + products.manufacturer: + aggregatable: false + count: 1 esTypes: - - keyword + - text format: id: string isMapped: true - name: geoip.city_name - readFromDocValues: true + name: products.manufacturer + readFromDocValues: false scripted: false searchable: true shortDotsEnable: false type: string - geoip.continent_name: + products.manufacturer.keyword: aggregatable: true count: 0 esTypes: @@ -38729,71 +12864,76 @@ components: format: id: string isMapped: true - name: geoip.continent_name + name: products.manufacturer.keyword readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + subType: + multi: + parent: products.manufacturer type: string - geoip.country_iso_code: + products.min_price: aggregatable: true count: 0 esTypes: - - keyword + - half_float format: - id: string + id: number + params: + pattern: '$0,0.00' isMapped: true - name: geoip.country_iso_code + name: products.min_price readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - geoip.location: + type: number + products.price: aggregatable: true - count: 0 + count: 1 esTypes: - - geo_point + - half_float format: - id: geo_point + id: number params: - transform: wkt + pattern: '$0,0.00' isMapped: true - name: geoip.location + name: products.price readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: geo_point - geoip.region_name: + type: number + products.product_id: aggregatable: true count: 0 esTypes: - - keyword + - long format: - id: string + id: number isMapped: true - name: geoip.region_name + name: products.product_id readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - manufacturer: + type: number + products.product_name: aggregatable: false - count: 0 + count: 1 esTypes: - text format: id: string isMapped: true - name: manufacturer + name: products.product_name readFromDocValues: false scripted: false searchable: true shortDotsEnable: false type: string - manufacturer.keyword: + products.product_name.keyword: aggregatable: true count: 0 esTypes: @@ -38801,30 +12941,30 @@ components: format: id: string isMapped: true - name: manufacturer.keyword + name: products.product_name.keyword readFromDocValues: true scripted: false searchable: true shortDotsEnable: false subType: multi: - parent: manufacturer + parent: products.product_name type: string - order_date: + products.quantity: aggregatable: true count: 0 esTypes: - - date + - integer format: - id: date + id: number isMapped: true - name: order_date + name: products.quantity readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: date - order_id: + type: number + products.sku: aggregatable: true count: 0 esTypes: @@ -38832,44 +12972,43 @@ components: format: id: string isMapped: true - name: order_id + name: products.sku readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - products._id: - aggregatable: false + products.tax_amount: + aggregatable: true count: 0 esTypes: - - text + - half_float format: - id: string + id: number isMapped: true - name: products._id - readFromDocValues: false + name: products.tax_amount + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - products._id.keyword: + type: number + products.taxful_price: aggregatable: true count: 0 esTypes: - - keyword + - half_float format: - id: string + id: number + params: + pattern: '$0,0.00' isMapped: true - name: products._id.keyword + name: products.taxful_price readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: products._id - type: string - products.base_price: + type: number + products.taxless_price: aggregatable: true count: 0 esTypes: @@ -38877,195 +13016,268 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true - name: products.base_price + name: products.taxless_price readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - products.base_unit_price: + products.unit_discount_amount: aggregatable: true count: 0 esTypes: - half_float format: id: number - params: - pattern: $0,0.00 isMapped: true - name: products.base_unit_price + name: products.unit_discount_amount readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - products.category: - aggregatable: false + sku: + aggregatable: true count: 0 esTypes: - - text + - keyword format: id: string isMapped: true - name: products.category - readFromDocValues: false + name: sku + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - products.category.keyword: + taxful_total_price: aggregatable: true count: 0 esTypes: - - keyword + - half_float format: - id: string + id: number + params: + pattern: '$0,0.[00]' isMapped: true - name: products.category.keyword + name: taxful_total_price readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: products.category - type: string - products.created_on: + type: number + taxless_total_price: aggregatable: true count: 0 esTypes: - - date + - half_float format: - id: date + id: number + params: + pattern: '$0,0.00' isMapped: true - name: products.created_on + name: taxless_total_price readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: date - products.discount_amount: + type: number + total_quantity: aggregatable: true - count: 0 + count: 1 esTypes: - - half_float + - integer format: id: number isMapped: true - name: products.discount_amount + name: total_quantity readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - products.discount_percentage: + total_unique_products: aggregatable: true count: 0 esTypes: - - half_float + - integer format: id: number isMapped: true - name: products.discount_percentage + name: total_unique_products readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - products.manufacturer: + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: + data_view: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: '$0,0.[00]' + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: aggregatable: false - count: 1 + count: 0 esTypes: - - text + - _id format: id: string isMapped: true - name: products.manufacturer + name: _id readFromDocValues: false scripted: false searchable: true shortDotsEnable: false type: string - products.manufacturer.keyword: + _index: aggregatable: true count: 0 esTypes: - - keyword + - _index format: id: string isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true + name: _index + readFromDocValues: false scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: products.manufacturer type: string - products.min_price: - aggregatable: true + _score: + aggregatable: false count: 0 - esTypes: - - half_float format: id: number - params: - pattern: $0,0.00 isMapped: true - name: products.min_price - readFromDocValues: true + name: _score + readFromDocValues: false scripted: false - searchable: true + searchable: false shortDotsEnable: false type: number - products.price: - aggregatable: true - count: 1 + _source: + aggregatable: false + count: 0 esTypes: - - half_float + - _source format: - id: number - params: - pattern: $0,0.00 + id: _source isMapped: true - name: products.price - readFromDocValues: true + name: _source + readFromDocValues: false scripted: false - searchable: true + searchable: false shortDotsEnable: false - type: number - products.product_id: + type: _source + AvgTicketPrice: aggregatable: true count: 0 esTypes: - - long + - float format: id: number + params: + pattern: '$0,0.[00]' isMapped: true - name: products.product_id + name: AvgTicketPrice readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - products.product_name: - aggregatable: false - count: 1 + Cancelled: + aggregatable: true + count: 0 esTypes: - - text + - boolean format: - id: string + id: boolean isMapped: true - name: products.product_name - readFromDocValues: false + name: Cancelled + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - products.product_name.keyword: + type: boolean + Carrier: aggregatable: true count: 0 esTypes: @@ -39073,16 +13285,13 @@ components: format: id: string isMapped: true - name: products.product_name.keyword + name: Carrier readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: products.product_name type: string - products.quantity: + dayOfWeek: aggregatable: true count: 0 esTypes: @@ -39090,13 +13299,13 @@ components: format: id: number isMapped: true - name: products.quantity + name: dayOfWeek readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - products.sku: + Dest: aggregatable: true count: 0 esTypes: @@ -39104,73 +13313,85 @@ components: format: id: string isMapped: true - name: products.sku + name: Dest readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - products.tax_amount: + DestAirportID: aggregatable: true count: 0 esTypes: - - half_float + - keyword format: - id: number + id: string isMapped: true - name: products.tax_amount + name: DestAirportID readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - products.taxful_price: + type: string + DestCityName: aggregatable: true count: 0 esTypes: - - half_float + - keyword format: - id: number - params: - pattern: $0,0.00 + id: string isMapped: true - name: products.taxful_price + name: DestCityName readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - products.taxless_price: + type: string + DestCountry: aggregatable: true count: 0 esTypes: - - half_float + - keyword format: - id: number + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point params: - pattern: $0,0.00 + transform: wkt isMapped: true - name: products.taxless_price + name: DestLocation readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - products.unit_discount_amount: + type: geo_point + DestRegion: aggregatable: true count: 0 esTypes: - - half_float + - keyword format: - id: number + id: string isMapped: true - name: products.unit_discount_amount + name: DestRegion readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - sku: + type: string + DestWeather: aggregatable: true count: 0 esTypes: @@ -39178,59 +13399,55 @@ components: format: id: string isMapped: true - name: sku + name: DestWeather readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - taxful_total_price: + DistanceKilometers: aggregatable: true count: 0 esTypes: - - half_float + - float format: id: number - params: - pattern: $0,0.[00] isMapped: true - name: taxful_total_price + name: DistanceKilometers readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - taxless_total_price: + DistanceMiles: aggregatable: true count: 0 esTypes: - - half_float + - float format: id: number - params: - pattern: $0,0.00 isMapped: true - name: taxless_total_price + name: DistanceMiles readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - total_quantity: + FlightDelay: aggregatable: true - count: 1 + count: 0 esTypes: - - integer + - boolean format: - id: number + id: boolean isMapped: true - name: total_quantity + name: FlightDelay readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - total_unique_products: + type: boolean + FlightDelayMin: aggregatable: true count: 0 esTypes: @@ -39238,13 +13455,13 @@ components: format: id: number isMapped: true - name: total_unique_products + name: FlightDelayMin readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - type: + FlightDelayType: aggregatable: true count: 0 esTypes: @@ -39252,13 +13469,13 @@ components: format: id: string isMapped: true - name: type + name: FlightDelayType readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - user: + FlightNum: aggregatable: true count: 0 esTypes: @@ -39266,150 +13483,102 @@ components: format: id: string isMapped: true - name: user + name: FlightNum readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: $0,0.[00] - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false + FlightTimeHour: + aggregatable: true count: 0 esTypes: - - _id + - keyword format: id: string isMapped: true - name: _id - readFromDocValues: false + name: FlightTimeHour + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - _index: + FlightTimeMin: aggregatable: true count: 0 esTypes: - - _index + - float format: - id: string + id: number isMapped: true - name: _index - readFromDocValues: false + name: FlightTimeMin + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - _score: - aggregatable: false + type: number + hour_of_day: + aggregatable: true count: 0 + esTypes: + - long format: id: number - isMapped: true - name: _score + params: + pattern: '00' + name: hour_of_day readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long scripted: false - searchable: false + searchable: true shortDotsEnable: false type: number - _source: - aggregatable: false + Origin: + aggregatable: true count: 0 esTypes: - - _source + - keyword format: - id: _source + id: string isMapped: true - name: _source - readFromDocValues: false + name: Origin + readFromDocValues: true scripted: false - searchable: false + searchable: true shortDotsEnable: false - type: _source - AvgTicketPrice: + type: string + OriginAirportID: aggregatable: true count: 0 esTypes: - - float + - keyword format: - id: number - params: - pattern: $0,0.[00] + id: string isMapped: true - name: AvgTicketPrice + name: OriginAirportID readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - Cancelled: + type: string + OriginCityName: aggregatable: true count: 0 esTypes: - - boolean + - keyword format: - id: boolean + id: string isMapped: true - name: Cancelled + name: OriginCityName readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: boolean - Carrier: + type: string + OriginCountry: aggregatable: true count: 0 esTypes: @@ -39417,27 +13586,29 @@ components: format: id: string isMapped: true - name: Carrier + name: OriginCountry readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - dayOfWeek: + OriginLocation: aggregatable: true count: 0 esTypes: - - integer + - geo_point format: - id: number + id: geo_point + params: + transform: wkt isMapped: true - name: dayOfWeek + name: OriginLocation readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - Dest: + type: geo_point + OriginRegion: aggregatable: true count: 0 esTypes: @@ -39445,13 +13616,13 @@ components: format: id: string isMapped: true - name: Dest + name: OriginRegion readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - DestAirportID: + OriginWeather: aggregatable: true count: 0 esTypes: @@ -39459,1099 +13630,3056 @@ components: format: id: string isMapped: true - name: DestAirportID + name: OriginWeather readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - DestCityName: + timestamp: aggregatable: true count: 0 esTypes: - - keyword + - date format: - id: string + id: date isMapped: true - name: DestCityName + name: timestamp readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: 'emit(doc["bar"].value)' + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Serverless_saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Serverless_saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Serverless_saved_objects_import_objects_request: + value: + file: file.ndjson + Serverless_saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + parameters: + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Fleet_format: + description: Simplified or legacy format for package inputs + in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf + required: true + schema: + type: string + Fleet_kuery: + in: query + name: kuery + required: false + schema: + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: 'Return agent metrics, false by default' + in: query + name: withMetrics + required: false + schema: + type: boolean + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Serverless_saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: + Data_views_400_response: + title: Bad request + type: object + properties: + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: The data view name. type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean + required: + - data_view + Data_views_data_view_response_object: + title: Data view response properties + type: object + properties: + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: The data view name. type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + Data_views_fieldattrs: + description: A map of field attributes by field name. + type: object + properties: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 + type: string + customLabel: + description: Custom label for the field. + type: string + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. + type: string + required: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request + type: object + properties: + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. + type: string + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. + type: string + required: + - fromId + - toId + Data_views_timefieldname: + description: 'The timestamp field name, which you use for time-based data views.' + type: string + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: 'When set to `rollup`, identifies the rollup data views.' + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + required: + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request + type: object + properties: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean + required: + - data_view + Fleet_agent: + title: Agent + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + components: + items: + $ref: '#/components/schemas/Fleet_agent_component' + type: array + default_api_key: + type: string + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + metrics: + type: object + properties: + cpu_avg: + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false + memory_size_byte_avg: + description: Average agent memory consumption during the last 5 minutes type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + policy_id: + type: string + policy_revision: + type: number + status: + $ref: '#/components/schemas/Fleet_agent_status' + type: + $ref: '#/components/schemas/Fleet_agent_type' + unenrolled_at: + type: string + unenrollment_started_at: + type: string + user_provided_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + required: + - type + - active + - enrolled_at + - id + - status + Fleet_agent_action: + oneOf: + - properties: + ack_data: type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + data: type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + - properties: + data: + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + type: type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + title: Agent action + Fleet_agent_component: + title: Agent component + type: object + properties: + id: + type: string + message: + type: string + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + type: string + units: + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' + type: array + Fleet_agent_component_status: + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + title: Agent component status + type: string + Fleet_agent_component_unit: + title: Agent component unit + type: object + properties: + id: + type: string + message: + type: string + payload: + type: object + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + Fleet_agent_component_unit_type: + enum: + - input + - output + title: Agent component unit type + type: string + Fleet_agent_diagnostics: + title: Agent diagnostics + type: object + properties: + actionId: + type: string + createTime: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS + required: + - id + - name + - createTime + - filePath + - actionId + - status + Fleet_agent_get_by_actions: + items: + items: + type: string + type: array + title: Agents get by action ids + type: array + Fleet_agent_metadata: + title: Agent metadata + type: object + Fleet_agent_policy: + title: Agent Policy + type: object + properties: + advanced_settings: + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs + nullable: true + type: object + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + type: string + namespace: + type: string + overrides: + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + revision: + type: number + supports_agentless: + description: >- + Indicates whether the agent policy supports agentless integrations. + Only allowed in a serverless environment. + type: boolean + unenroll_timeout: + type: integer + unprivileged_agents: + type: number + updated_by: + type: string + updated_on: + format: date-time + type: string + required: + - id + - status + - name + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_policy_full: + oneOf: + - type: object + properties: + item: + type: string + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + title: Agent policy full response + type: object + Fleet_agent_policy_update_request: + title: Update agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_status: + enum: + - offline + - error + - online + - inactive + - warning + title: Elastic Agent status + type: string + Fleet_agent_type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + title: Agent type + type: string + Fleet_bulk_install_packages_response: + title: Bulk install packages response + type: object + properties: + items: + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + response: + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + required: + - items + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + rollout_duration_seconds: + description: rolling upgrade window duration in seconds + type: number + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + description: alternative upgrade binary download url + type: string + start_time: + description: start time of upgrade in ISO 8601 format + type: string + version: + description: version to upgrade to + type: string + required: + - agents + - version + Fleet_data_stream: + title: Data stream + type: object + properties: + dashboard: + items: + type: object + properties: + id: + type: string + title: + type: string + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + size_in_bytes: + type: number + size_in_bytes_formatted: + type: string + type: + type: string + Fleet_download_sources: + title: Download Source + type: object + properties: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the proxies + API for more information. + nullable: true + type: string + required: + - is_default + - name + - host + Fleet_elasticsearch_asset_type: + enum: + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + title: Elasticsearch asset type + type: string + Fleet_enrollment_api_key: + title: Enrollment API key + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and cannot be used for + enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + Fleet_fleet_server_host: + title: Fleet Server Host + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + type: string + required: + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + Fleet_fleet_settings_response: + title: Fleet settings response + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_setup_response: + title: Fleet Setup response + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + Fleet_fleet_status_response: + title: Fleet status response + type: object + properties: + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + Fleet_full_agent_policy: + title: Full agent policy + type: object + properties: + agent: + nullable: true + type: string + fleet: + oneOf: + - type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + id: + type: string + inputs: + type: string + monitoring: + type: object + properties: + diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + enabled: + type: boolean + http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + pprof: + type: object + properties: + enabled: + type: boolean + required: + - enabled + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + output_permissions: + additionalProperties: + type: object + properties: + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + output: + type: integer + type: object + outputs: + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + type: object + revision: + type: number + secret_references: + items: + type: object + properties: + id: + type: string + type: array + required: + - id + - outputs + - inputs + Fleet_full_agent_policy_input: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + id: type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: emit(doc["bar"].value) - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Serverless_saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Serverless_saved_objects_import_objects_request: - value: - file: file.ndjson - Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - parameters: - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Serverless_saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - schemas: - Data_views_400_response: - title: Bad request + additionalProperties: true + type: object + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + revision: + type: number + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + title: Full agent policy input + Fleet_full_agent_policy_input_stream: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + - type + id: + type: string + required: + - id + - data_stream + title: Full agent policy input stream + Fleet_full_agent_policy_output: + title: Full agent policy + type: object + properties: + additionalProperties: + type: object + properties: + text: {} + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + type: {} + required: + - type + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + additionalProperties: + type: object + properties: + data: + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + type: object + properties: + names: + items: + type: string + type: array + privileges: + items: + type: string + type: array + type: array + packagePolicyName: + type: string + title: Full agent policy output permissions + Fleet_get_agent_tags_response: + title: Get Agent Tags response + type: object + properties: + items: + items: + type: string + type: array + Fleet_get_agents_response: + title: Get Agent response + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + page: + type: number + perPage: + type: number + statusSummary: + type: object + properties: + degraded': + type: number + enrolling: + type: number + error: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + unenrolled: + type: number + unenrolling: + type: number + updating: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + Fleet_get_bulk_assets_response: + deprecated: true + properties: + items: + items: + type: object + properties: + appLink: + type: string + attributes: + type: object + properties: + description: + type: string + title: + type: string + id: + type: string + type: + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: + type: string + type: array + required: + - items + title: Bulk get assets response + type: object + Fleet_get_categories_response: + title: Get categories response + type: object + properties: + items: + items: + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + required: + - items + Fleet_get_packages_response: + title: Get Packages response + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + response: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + required: + - items + Fleet_installation_info: + title: Installation info object type: object properties: - error: - example: Bad Request + created_at: + type: string + experimental_data_stream_features: + type: array + properties: + data_stream: + type: string + features: + type: object + properties: + doc_value_only_numeric: + nullable: true + type: boolean + doc_value_only_other: + nullable: true + type: boolean + synthetic_source: + nullable: true + type: boolean + tsdb: + nullable: true + type: boolean + install_format_schema_version: + type: string + install_kibana_space_id: + type: string + install_source: + enum: + - registry + - upload + - bundled + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + installed_kibana: + type: object + properties: + id: + type: string + type: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + latest_executed_state: + description: Latest successfully executed state in package install state machine + type: object + properties: + error: + type: string + name: + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so + type: string + started_at: + type: string + latest_install_failed_attempts: + description: Latest failed install errors + items: + type: object + properties: + created_at: + type: string + error: + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + target_version: + type: string + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - verified + - unverified + - unknown + type: string + version: + type: string + required: + - installed_kibana + - installed_es + - name + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_kibana_saved_object_type: + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + title: Kibana saved object asset type + type: string + Fleet_new_package_policy: + description: '' + properties: + description: + type: string + enabled: + type: boolean + inputs: + items: + type: object + properties: + config: + type: object + enabled: + type: boolean + processors: + items: + type: string + type: array + streams: + items: {} + type: array + type: + type: string + vars: + type: object + required: + - type + - enabled + type: array + name: + type: string + namespace: + type: string + output_id: + type: string + overrides: + type: object + package: + type: object + properties: + name: + type: string + requires_root: + type: boolean + title: + type: string + version: + type: string + required: + - name + - version + policy_id: + deprecated: true + nullable: true + type: string + policy_ids: + items: + type: string + type: array + required: + - inputs + - name + title: New package policy + type: object + Fleet_output_create_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + title: Output + Fleet_output_create_request_elasticsearch: + title: elasticsearch + type: object + properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + Fleet_output_create_request_kafka: + title: kafka + type: object + properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string + name: + type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string + secrets: + type: object + properties: + password: + type: string + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka type: string - message: + username: + type: string + version: type: string - statusCode: - example: 400 - type: number required: - - statusCode - - error - - message - Data_views_404_response: + - name + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash type: object properties: - error: - enum: - - Not Found - example: Not Found + ca_sha256: type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found + ca_trusted_fingerprint: type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + type: string + secrets: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: + ssl: type: object - id: + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - name: - description: The data view name. + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + certificate_authorities: + items: + type: string + type: array + key: type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. + type: + enum: + - logstash + type: string + required: + - name + - hosts + - type + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch + type: object + properties: + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: type: boolean + name: + type: string + secrets: + type: object + properties: + service_token: + type: string + service_token: + type: string + type: + enum: + - remote_elasticsearch + type: string required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties + - name + Fleet_output_update_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + title: Output + Fleet_output_update_request_elasticsearch: + title: elasticsearch type: object properties: - data_view: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - name: - description: The data view name. + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd + certificate_authorities: + items: + type: string + type: array + key: type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + type: + enum: + - elasticsearch + type: string + required: + - name + - hosts + - type + Fleet_output_update_request_kafka: + title: kafka type: object properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 + auth_type: type: string - customLabel: - description: Custom label for the field. + broker_timeout: + type: number + ca_sha256: type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string + name: + type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: type: object properties: - source: - description: Script for the runtime field. + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: type: string - type: - description: Mapping type of the runtime field. - type: string - required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object - properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: type: string type: array - forType: - description: Limit the affected saved objects by type. + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: type: string - fromId: - description: The saved object reference to change. + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + username: type: string - toId: - description: New saved object reference value to replace the old value. + version: type: string required: - - fromId - - toId - Data_views_timefieldname: - description: The timestamp field name, which you use for time-based data views. - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: When set to `rollup`, identifies the rollup data views. - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true + - name + Fleet_output_update_request_logstash: + title: logstash type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: type: object - params: - description: Properties for retrieving rollup fields. + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + type: string + shipper: type: object - Data_views_update_data_view_request_object: - title: Update data view request - type: object - properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: + certificate: type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string required: - - data_view - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. + - name + Fleet_package_info: + title: Package information type: object properties: - status: - additionalProperties: false + agent: type: object properties: - overall: - additionalProperties: false + privileges: type: object properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical + root: + type: boolean + asset_tags: + items: + type: object + properties: + asset_ids: + items: type: string - required: - - level - required: - - overall - required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. - type: object - properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + items: + type: string + type: array + categories: + items: + type: string + type: array + conditions: type: object properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. + elasticsearch: type: object properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false - type: object - properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. + subscription: + enum: + - basic + - gold + - platinum + - enterprise + type: string + kibana: type: object properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false + versions: + type: string + data_streams: + items: + type: object + properties: + ingeset_pipeline: + type: string + name: + type: string + package: + type: string + release: + type: string + title: + type: string + type: + type: string + vars: + items: type: object properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical + default: type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. + name: type: string required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false + - name + - default + type: array + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + type: array + description: + type: string + discovery: + type: object + properties: + fields: + items: type: object properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. + name: type: string required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. + - name + type: array + download: + type: string + elasticsearch: + type: object + properties: + privileges: type: object + properties: + cluster: + items: + type: string + type: array + format_version: + type: string + icons: + items: + type: string + type: array + internal: + type: boolean + name: + type: string + owner: + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string required: - - overall - - core - - plugins - uuid: + - github + path: + type: string + readme: + type: string + release: + deprecated: true description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. + release label is deprecated, derive from the version instead + (packages follow semver) + enum: + - experimental + - beta + - ga type: string - version: - additionalProperties: false + screenshots: + items: + type: object + properties: + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + - path + type: array + source: type: object properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. + license: enum: - - serverless - - traditional + - Apache-2.0 + - Elastic-2.0 type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. + title: + type: string + type: + enum: + - integration + - input + - content + type: string + version: + type: string + required: + - name + - title + - version + - description + - type + - categories + - conditions + - assets + - format_version + - download + - path + - owner + Fleet_package_policy: + allOf: + - type: object + properties: + id: type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. + inputs: + oneOf: + - items: {} + type: array + - type: object + revision: type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. + required: + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + title: Package policy + Fleet_package_policy_request: + title: Package Policy Request + type: object + properties: + description: + description: Package policy description + example: my description + type: string + force: + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that input, (default to true)' + type: boolean + streams: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that stream, (default to true)' + type: boolean + vars: + description: >- + Stream level variable (see integration documentation for + more information) + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + type: object + vars: + description: >- + Input level variable (see integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + ignore_older: 72h + paths: + - /var/log/nginx/access.log* + preserve_original_event: false + tags: + - nginx-access + type: object + name: + description: Package policy name (should be unique) + example: nginx-123 + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace + type: string + output_id: + description: Output ID to send package data to + example: output-id + nullable: true + type: string + overrides: + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true + type: object + properties: + inputs: + type: object + package: + type: object + properties: + name: + description: Package name + example: nginx + type: string + version: + description: Package version + example: 1.6.0 type: string required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + example: agent-policy-id + nullable: true + type: string + policy_ids: + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id + items: + type: string + type: array + vars: + description: >- + Package root level variable (see integration documentation for more + information) + type: object + required: + - name + - package + Fleet_package_usage_stats: + title: Package usage stats + type: object + properties: + agent_policy_count: + type: integer + required: + - agent_policy_count + Fleet_proxies: + title: Fleet Proxy + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + Fleet_saved_object_type: + oneOf: + - enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + type: string + - enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model + type: string + title: Saved Object type + Fleet_search_result: + title: Search result + type: object + properties: + description: + type: string + download: + type: string + icons: + type: string + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + name: + type: string + path: + type: string + savedObject: + deprecated: true + type: object + status: + type: string + title: + type: string + type: + type: string + version: + type: string required: + - description + - download + - icons - name - - uuid + - path + - title + - type - version - status - - metrics + Fleet_settings: + title: Settings + type: object + properties: + delete_unenrolled_agents: + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + fleet_server_hosts: + deprecated: true + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_upgrade_agent: + title: Upgrade agent + type: object + properties: + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + type: string + version: + type: string + required: + - version + Fleet_upgrade_agent_diff: + items: + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + type: array + title: Package policy Upgrade dryrun + type: array + Fleet_upgrade_diff: + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + items: + type: object + properties: + key: + type: string + message: + type: string + type: array + missingVars: + items: + type: string + type: array + type: object + title: Package policy Upgrade dryrun + type: array Machine_learning_APIs_mlSync200Response: properties: datafeedsAdded: @@ -40649,7 +16777,7 @@ components: additionalProperties: $ref: >- #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: If saved objects are missing for trained models, they are created. + description: 'If saved objects are missing for trained models, they are created.' type: object title: Sync API response for created saved objects type: object @@ -41365,13 +17493,13 @@ components: type: object properties: traceId: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: string transactionId: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: string Security_AI_Assistant_API_User: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: object properties: id: @@ -41574,12 +17702,12 @@ components: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. example: 1h - pattern: ^[1-9]\d*[smh]$ + pattern: '^[1-9]\d*[smh]$' type: string lookback: description: Lookback time for the rule example: 1h - pattern: ^[1-9]\d*[smh]$ + pattern: '^[1-9]\d*[smh]$' type: string required: - interval @@ -45028,9 +21156,9 @@ components: - no_actions - rule type: string - - description: Time interval in seconds, minutes, hours, or days. + - description: 'Time interval in seconds, minutes, hours, or days.' example: 1h - pattern: ^[1-9]\d*[smhd]$ + pattern: '^[1-9]\d*[smhd]$' type: string Security_Detections_API_RuleAuthorArray: items: @@ -45291,7 +21419,7 @@ components: discriminator: propertyName: type Security_Detections_API_RuleSignatureId: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: string Security_Detections_API_RuleSource: description: >- @@ -47285,7 +23413,7 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: 'Human readable string identifier, e.g. `trusted-linux-processes`' Security_Endpoint_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItem: @@ -48345,6 +24473,8 @@ components: Security_Entity_Analytics_API_EngineDescriptor: type: object properties: + error: + type: object fieldHistoryLength: type: integer filter: @@ -48804,7 +24934,7 @@ components: type: string Security_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: 'Human readable string identifier, e.g. `trusted-linux-processes`' Security_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItem: @@ -50591,7 +26721,7 @@ components: example: Not Found type: string message: - example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found + example: 'SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found' type: string statusCode: example: 404 @@ -50608,7 +26738,7 @@ components: example: Conflict type: string message: - example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists + example: 'SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists' type: string statusCode: example: 409 @@ -50715,11 +26845,11 @@ components: type: object properties: consumed: - description: The error budget consummed, as a percentage of the initial value. + description: 'The error budget consummed, as a percentage of the initial value.' example: 0.8 type: number initial: - description: The initial error budget, as 1 - objective + description: 'The initial error budget, as 1 - objective' example: 0.02 type: number isEstimated: @@ -50729,7 +26859,7 @@ components: example: true type: boolean remaining: - description: The error budget remaining, as a percentage of the initial value. + description: 'The error budget remaining, as a percentage of the initial value.' example: 0.2 type: number required: @@ -50829,7 +26959,7 @@ components: type: string index: description: The index used by APM metrics - example: metrics-apm*,apm* + example: 'metrics-apm*,apm*' type: string service: description: The APM service name @@ -50876,7 +27006,7 @@ components: type: string index: description: The index used by APM metrics - example: metrics-apm*,apm* + example: 'metrics-apm*,apm*' type: string service: description: The APM service name @@ -51010,7 +27140,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -51064,7 +27194,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -51366,7 +27496,7 @@ components: properties: frequency: default: 1m - description: Configure how often the transform runs, default 1m + description: 'Configure how often the transform runs, default 1m' example: 5m type: string preventInitialBackfill: @@ -51507,7 +27637,7 @@ components: - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' instanceId: - description: the value derived from the groupBy field, if present, otherwise '*' + description: 'the value derived from the groupBy field, if present, otherwise ''*''' example: host-abcde type: string name: @@ -51632,7 +27762,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -51655,7 +27785,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -51683,7 +27813,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string percentile: description: The percentile value. @@ -51743,7 +27873,6 @@ components: security: - apiKeyAuth: [] tags: - - name: alerting - description: > Configure APM agent keys to authorize requests from APM agents to the APM Server. @@ -51753,7 +27882,6 @@ tags: Annotations enable you to easily see how events are impacting the performance of your applications. name: APM annotations - - name: connectors - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana @@ -51767,16 +27895,15 @@ tags: - name: Elastic Package Manager (EPM) - name: Fleet enrollment API keys - name: Fleet internals + - name: Fleet Kubernetes - name: Fleet outputs - name: Fleet package policies - name: Fleet proxies - name: Fleet Server hosts - name: Fleet service tokens - name: Fleet uninstall tokens - - name: Message Signing Service - description: Machine learning name: ml - - name: roles - description: > Export sets of saved objects that you want to import into {kib}, resolve import errors, and rotate an encryption key for encrypted saved objects @@ -51823,10 +27950,10 @@ tags: other criteria are met. name: Security Exceptions API x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' name: Security Lists API x-displayName: Security lists - - description: Run live queries, manage packs and saved queries. + - description: 'Run live queries, manage packs and saved queries.' name: Security Osquery API x-displayName: Security Osquery - description: >- @@ -51834,7 +27961,5 @@ tags: import new Timelines from an ndjson file. name: Security Timeline API x-displayName: Security timeline - - description: SLO APIs enable you to define, manage and track service-level objectives + - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - - name: spaces - - name: system From 16a8eb1e606d93a74b301cf502e87edffda3b39f Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 31 Oct 2024 22:21:57 +0000 Subject: [PATCH 4/4] [CI] Auto-commit changed files from 'make api-docs && make api-docs-staging' --- oas_docs/output/kibana.staging.yaml | 86 +- oas_docs/output/kibana.yaml | 43546 ++++++++------------------ 2 files changed, 13135 insertions(+), 30497 deletions(-) diff --git a/oas_docs/output/kibana.staging.yaml b/oas_docs/output/kibana.staging.yaml index 1b38c3ecc8984..b672704e2b053 100644 --- a/oas_docs/output/kibana.staging.yaml +++ b/oas_docs/output/kibana.staging.yaml @@ -78,7 +78,7 @@ paths: /api/actions: get: deprecated: true - operationId: '%2Fapi%2Factions#0' + operationId: get-actions parameters: - description: The version of the API to use in: header @@ -95,7 +95,7 @@ paths: /api/actions/action: post: deprecated: true - operationId: '%2Fapi%2Factions%2Faction#0' + operationId: post-actions-action parameters: - description: The version of the API to use in: header @@ -188,7 +188,7 @@ paths: delete: deprecated: true description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#0' + operationId: delete-actions-action-id parameters: - description: The version of the API to use in: header @@ -219,7 +219,7 @@ paths: - connectors get: deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#1' + operationId: get-actions-action-id parameters: - description: The version of the API to use in: header @@ -285,7 +285,7 @@ paths: - connectors put: deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D#2' + operationId: put-actions-action-id parameters: - description: The version of the API to use in: header @@ -378,7 +378,7 @@ paths: '/api/actions/action/{id}/_execute': post: deprecated: true - operationId: '%2Fapi%2Factions%2Faction%2F%7Bid%7D%2F_execute#0' + operationId: post-actions-action-id-execute parameters: - description: The version of the API to use in: header @@ -464,7 +464,7 @@ paths: /api/actions/connector_types: get: description: You do not need any Kibana feature privileges to run this API. - operationId: '%2Fapi%2Factions%2Fconnector_types#0' + operationId: get-actions-connector-types parameters: - description: The version of the API to use in: header @@ -489,7 +489,7 @@ paths: '/api/actions/connector/{id}': delete: description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#0' + operationId: delete-actions-connector-id parameters: - description: The version of the API to use in: header @@ -519,7 +519,7 @@ paths: tags: - connectors get: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#1' + operationId: get-actions-connector-id parameters: - description: The version of the API to use in: header @@ -584,7 +584,7 @@ paths: tags: - connectors post: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%3F%7D#0' + operationId: post-actions-connector-id parameters: - description: The version of the API to use in: header @@ -680,7 +680,7 @@ paths: tags: - connectors put: - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D#2' + operationId: put-actions-connector-id parameters: - description: The version of the API to use in: header @@ -776,7 +776,7 @@ paths: description: >- You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. - operationId: '%2Fapi%2Factions%2Fconnector%2F%7Bid%7D%2F_execute#0' + operationId: post-actions-connector-id-execute parameters: - description: The version of the API to use in: header @@ -861,7 +861,7 @@ paths: - connectors /api/actions/connectors: get: - operationId: '%2Fapi%2Factions%2Fconnectors#0' + operationId: get-actions-connectors parameters: - description: The version of the API to use in: header @@ -878,7 +878,7 @@ paths: /api/actions/list_action_types: get: deprecated: true - operationId: '%2Fapi%2Factions%2Flist_action_types#0' + operationId: get-actions-list-action-types parameters: - description: The version of the API to use in: header @@ -1282,7 +1282,7 @@ paths: - alerting '/api/alerting/rule/{id}': delete: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#2' + operationId: delete-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -1318,7 +1318,7 @@ paths: tags: - alerting get: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#0' + operationId: get-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -2166,7 +2166,7 @@ paths: tags: - alerting post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%3F%7D#0' + operationId: post-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -3339,7 +3339,7 @@ paths: tags: - alerting put: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D#1' + operationId: put-alerting-rule-id parameters: - description: The version of the API to use in: header @@ -4486,7 +4486,7 @@ paths: - alerting '/api/alerting/rule/{id}/_disable': post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_disable#0' + operationId: post-alerting-rule-id-disable parameters: - description: The version of the API to use in: header @@ -4535,7 +4535,7 @@ paths: - alerting '/api/alerting/rule/{id}/_enable': post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_enable#0' + operationId: post-alerting-rule-id-enable parameters: - description: The version of the API to use in: header @@ -4572,7 +4572,7 @@ paths: - alerting '/api/alerting/rule/{id}/_mute_all': post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_mute_all#0' + operationId: post-alerting-rule-id-mute-all parameters: - description: The version of the API to use in: header @@ -4609,7 +4609,7 @@ paths: - alerting '/api/alerting/rule/{id}/_unmute_all': post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_unmute_all#0' + operationId: post-alerting-rule-id-unmute-all parameters: - description: The version of the API to use in: header @@ -4646,7 +4646,7 @@ paths: - alerting '/api/alerting/rule/{id}/_update_api_key': post: - operationId: '%2Fapi%2Falerting%2Frule%2F%7Bid%7D%2F_update_api_key#0' + operationId: post-alerting-rule-id-update-api-key parameters: - description: The version of the API to use in: header @@ -4685,8 +4685,7 @@ paths: - alerting '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_mute#0 + operationId: post-alerting-rule-rule-id-alert-alert-id-mute parameters: - description: The version of the API to use in: header @@ -4729,8 +4728,7 @@ paths: - alerting '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': post: - operationId: >- - %2Fapi%2Falerting%2Frule%2F%7Brule_id%7D%2Falert%2F%7Balert_id%7D%2F_unmute#0 + operationId: post-alerting-rule-rule-id-alert-alert-id-unmute parameters: - description: The version of the API to use in: header @@ -4773,7 +4771,7 @@ paths: - alerting /api/alerting/rules/_find: get: - operationId: '%2Fapi%2Falerting%2Frules%2F_find#0' + operationId: get-alerting-rules-find parameters: - description: The version of the API to use in: header @@ -20391,7 +20389,7 @@ paths: - Prompts API /api/security/role: get: - operationId: '%2Fapi%2Fsecurity%2Frole#0' + operationId: get-security-role parameters: - description: The version of the API to use in: header @@ -20418,7 +20416,7 @@ paths: - roles '/api/security/role/{name}': delete: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1' + operationId: delete-security-role-name parameters: - description: The version of the API to use in: header @@ -20448,7 +20446,7 @@ paths: tags: - roles get: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0' + operationId: get-security-role-name parameters: - description: The version of the API to use in: header @@ -20484,7 +20482,7 @@ paths: description: >- Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm. - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' + operationId: put-security-role-name parameters: - description: The version of the API to use in: header @@ -20767,7 +20765,7 @@ paths: - roles /api/security/roles: post: - operationId: '%2Fapi%2Fsecurity%2Froles#0' + operationId: post-security-roles parameters: - description: The version of the API to use in: header @@ -21058,7 +21056,7 @@ paths: request to overwrite any objects that already exist in the target space if they share an identifier or you can use the resolve copy saved objects conflicts API to do this on a per-object basis. - operationId: '%2Fapi%2Fspaces%2F_copy_saved_objects#0' + operationId: post-spaces-copy-saved-objects parameters: - description: The version of the API to use in: header @@ -21145,7 +21143,7 @@ paths: - spaces /api/spaces/_disable_legacy_url_aliases: post: - operationId: '%2Fapi%2Fspaces%2F_disable_legacy_url_aliases#0' + operationId: post-spaces-disable-legacy-url-aliases parameters: - description: The version of the API to use in: header @@ -21199,7 +21197,7 @@ paths: /api/spaces/_get_shareable_references: post: description: Collect references and space contexts for saved objects. - operationId: '%2Fapi%2Fspaces%2F_get_shareable_references#0' + operationId: post-spaces-get-shareable-references parameters: - description: The version of the API to use in: header @@ -21247,7 +21245,7 @@ paths: description: >- Overwrite saved objects that are returned as errors from the copy saved objects to space API. - operationId: '%2Fapi%2Fspaces%2F_resolve_copy_saved_objects_errors#0' + operationId: post-spaces-resolve-copy-saved-objects-errors parameters: - description: The version of the API to use in: header @@ -21342,7 +21340,7 @@ paths: /api/spaces/_update_objects_spaces: post: description: Update one or more saved objects to add or remove them from some spaces. - operationId: '%2Fapi%2Fspaces%2F_update_objects_spaces#0' + operationId: post-spaces-update-objects-spaces parameters: - description: The version of the API to use in: header @@ -21405,7 +21403,7 @@ paths: - spaces /api/spaces/space: get: - operationId: '%2Fapi%2Fspaces%2Fspace#0' + operationId: get-spaces-space parameters: - description: The version of the API to use in: header @@ -21461,7 +21459,7 @@ paths: tags: - spaces post: - operationId: '%2Fapi%2Fspaces%2Fspace#1' + operationId: post-spaces-space parameters: - description: The version of the API to use in: header @@ -21550,7 +21548,7 @@ paths: description: >- When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone. - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' + operationId: delete-spaces-space-id parameters: - description: The version of the API to use in: header @@ -21582,7 +21580,7 @@ paths: tags: - spaces get: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' + operationId: get-spaces-space-id parameters: - description: The version of the API to use in: header @@ -21605,7 +21603,7 @@ paths: tags: - spaces put: - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + operationId: put-spaces-space-id parameters: - description: The version of the API to use in: header @@ -21699,7 +21697,7 @@ paths: - spaces /api/status: get: - operationId: '%2Fapi%2Fstatus#0' + operationId: get-status parameters: - description: The version of the API to use in: header diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 5a028c273c2db..b672704e2b053 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -60,25 +60,407 @@ info: It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/). - - - This documentation contains work-in-progress information for future Elastic - Stack releases. title: Kibana APIs version: 1.0.2 x-doc-license: name: Attribution-NonCommercial-NoDerivatives 4.0 International - url: https://creativecommons.org/licenses/by-nc-nd/4.0/ + url: 'https://creativecommons.org/licenses/by-nc-nd/4.0/' x-feedbackLink: label: Feedback url: >- https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ servers: - - url: https://{kibana_url} + - url: 'https://{kibana_url}' variables: kibana_url: - default: localhost:5601 + default: 'localhost:5601' paths: + /api/actions: + get: + deprecated: true + operationId: get-actions + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} + summary: Get all connectors + tags: + - connectors + /api/actions/action: + post: + deprecated: true + operationId: post-actions-action + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + actionTypeId: + description: The connector type identifier. + type: string + config: + additionalProperties: {} + default: {} + type: object + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + - actionTypeId + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Create a connector + tags: + - connectors + '/api/actions/action/{id}': + delete: + deprecated: true + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: delete-actions-action-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a connector + tags: + - connectors + get: + deprecated: true + operationId: get-actions-action-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Get connector information + tags: + - connectors + put: + deprecated: true + operationId: put-actions-action-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + name: + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Update a connector + tags: + - connectors + '/api/actions/action/{id}/_execute': + post: + deprecated: true + operationId: post-actions-action-id-execute + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + params: + additionalProperties: {} + type: object + required: + - params + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: >- + Indicates whether the connector is preconfigured. If true, + the `config` and `is_missing_secrets` properties are + omitted from the response. + type: boolean + is_system_action: + description: >- + Indicates whether the connector is used for system + actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Run a connector + tags: + - connectors /api/actions/connector_types: get: description: You do not need any Kibana feature privileges to run this API. @@ -104,7 +486,7 @@ paths: summary: Get connector types tags: - connectors - /api/actions/connector/{id}: + '/api/actions/connector/{id}': delete: description: 'WARNING: When you delete a connector, it cannot be recovered.' operationId: delete-actions-connector-id @@ -389,7 +771,7 @@ paths: summary: Update a connector tags: - connectors - /api/actions/connector/{id}/_execute: + '/api/actions/connector/{id}/_execute': post: description: >- You can use this API to test an action that involves interaction with @@ -493,6 +875,23 @@ paths: summary: Get all connectors tags: - connectors + /api/actions/list_action_types: + get: + deprecated: true + operationId: get-actions-list-action-types + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + responses: {} + summary: Get connector types + tags: + - connectors /api/alerting/_health: get: description: > @@ -569,7 +968,7 @@ paths: example: true type: boolean is_sufficiently_secure: - description: If `false`, security is enabled but TLS is not. + description: 'If `false`, security is enabled but TLS is not.' example: true type: boolean description: Indicates a successful call. @@ -881,7 +1280,7 @@ paths: summary: Get the rule types tags: - alerting - /api/alerting/rule/{id}: + '/api/alerting/rule/{id}': delete: operationId: delete-alerting-rule-id parameters: @@ -1377,14 +1776,73 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count success: description: >- Indicates whether the rule run was @@ -1532,13 +1990,11 @@ paths: items: description: Indicates hours of the day to recur. type: number - nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number - nullable: true type: array bymonth: items: @@ -1546,19 +2002,16 @@ paths: Indicates months of the year that this rule should recur. type: number - nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number - nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number - nullable: true type: array bysetpos: items: @@ -1569,7 +2022,6 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number - nullable: true type: array byweekday: items: @@ -1583,13 +2035,11 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number - nullable: true type: array byyearday: items: @@ -1597,7 +2047,6 @@ paths: Indicates the days of the year that this rule should recur. type: number - nullable: true type: array count: description: >- @@ -1635,7 +2084,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: Indicates the start of week, defaults to Monday. + description: 'Indicates the start of week, defaults to Monday.' enum: - MO - TU @@ -2500,14 +2949,73 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count success: description: >- Indicates whether the rule run was @@ -2655,13 +3163,11 @@ paths: items: description: Indicates hours of the day to recur. type: number - nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number - nullable: true type: array bymonth: items: @@ -2669,19 +3175,16 @@ paths: Indicates months of the year that this rule should recur. type: number - nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number - nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number - nullable: true type: array bysetpos: items: @@ -2692,7 +3195,6 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number - nullable: true type: array byweekday: items: @@ -2706,13 +3208,11 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number - nullable: true type: array byyearday: items: @@ -2720,7 +3220,6 @@ paths: Indicates the days of the year that this rule should recur. type: number - nullable: true type: array count: description: >- @@ -2758,7 +3257,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: Indicates the start of week, defaults to Monday. + description: 'Indicates the start of week, defaults to Monday.' enum: - MO - TU @@ -3594,14 +4093,73 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count success: description: >- Indicates whether the rule run was @@ -3749,13 +4307,11 @@ paths: items: description: Indicates hours of the day to recur. type: number - nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number - nullable: true type: array bymonth: items: @@ -3763,19 +4319,16 @@ paths: Indicates months of the year that this rule should recur. type: number - nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number - nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number - nullable: true type: array bysetpos: items: @@ -3786,7 +4339,6 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number - nullable: true type: array byweekday: items: @@ -3800,13 +4352,11 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number - nullable: true type: array byyearday: items: @@ -3814,7 +4364,6 @@ paths: Indicates the days of the year that this rule should recur. type: number - nullable: true type: array count: description: >- @@ -3852,7 +4401,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: Indicates the start of week, defaults to Monday. + description: 'Indicates the start of week, defaults to Monday.' enum: - MO - TU @@ -3935,7 +4484,7 @@ paths: summary: Update a rule tags: - alerting - /api/alerting/rule/{id}/_disable: + '/api/alerting/rule/{id}/_disable': post: operationId: post-alerting-rule-id-disable parameters: @@ -3984,7 +4533,7 @@ paths: summary: Disable a rule tags: - alerting - /api/alerting/rule/{id}/_enable: + '/api/alerting/rule/{id}/_enable': post: operationId: post-alerting-rule-id-enable parameters: @@ -4021,7 +4570,7 @@ paths: summary: Enable a rule tags: - alerting - /api/alerting/rule/{id}/_mute_all: + '/api/alerting/rule/{id}/_mute_all': post: operationId: post-alerting-rule-id-mute-all parameters: @@ -4058,7 +4607,7 @@ paths: summary: Mute all alerts tags: - alerting - /api/alerting/rule/{id}/_unmute_all: + '/api/alerting/rule/{id}/_unmute_all': post: operationId: post-alerting-rule-id-unmute-all parameters: @@ -4095,7 +4644,7 @@ paths: summary: Unmute all alerts tags: - alerting - /api/alerting/rule/{id}/_update_api_key: + '/api/alerting/rule/{id}/_update_api_key': post: operationId: post-alerting-rule-id-update-api-key parameters: @@ -4134,7 +4683,7 @@ paths: summary: Update the API key for a rule tags: - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: + '/api/alerting/rule/{rule_id}/alert/{alert_id}/_mute': post: operationId: post-alerting-rule-rule-id-alert-alert-id-mute parameters: @@ -4177,7 +4726,7 @@ paths: summary: Mute an alert tags: - alerting - /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: + '/api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute': post: operationId: post-alerting-rule-rule-id-alert-alert-id-unmute parameters: @@ -4780,14 +5329,73 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. - enum: - - succeeded - - warning - - failed - type: string + additionalProperties: false + type: object + properties: + alerts_count: + additionalProperties: false + type: object + properties: + active: + description: Number of active alerts during last run. + nullable: true + type: number + ignored: + description: >- + Number of ignored alerts during last + run. + nullable: true + type: number + new: + description: Number of new alerts during last run. + nullable: true + type: number + recovered: + description: >- + Number of recovered alerts during last + run. + nullable: true + type: number + outcome: + description: >- + Outcome of last run of the rule. Value + could be succeeded, warning or failed. + enum: + - succeeded + - warning + - failed + type: string + outcome_msg: + items: + description: >- + Outcome message generated during last + rule run. + type: string + nullable: true + type: array + outcome_order: + description: Order of the outcome. + type: number + warning: + description: Warning of last rule execution. + enum: + - read + - decrypt + - execute + - unknown + - license + - timeout + - disabled + - validate + - maxExecutableActions + - maxAlerts + - maxQueuedActions + - ruleExecution + nullable: true + type: string + required: + - outcome + - alerts_count success: description: >- Indicates whether the rule run was @@ -4935,13 +5543,11 @@ paths: items: description: Indicates hours of the day to recur. type: number - nullable: true type: array byminute: items: description: Indicates minutes of the hour to recur. type: number - nullable: true type: array bymonth: items: @@ -4949,19 +5555,16 @@ paths: Indicates months of the year that this rule should recur. type: number - nullable: true type: array bymonthday: items: description: Indicates the days of the month to recur. type: number - nullable: true type: array bysecond: items: description: Indicates seconds of the day to recur. type: number - nullable: true type: array bysetpos: items: @@ -4972,7 +5575,6 @@ paths: of the month. It is recommended to not set this manually and just use `byweekday`. type: number - nullable: true type: array byweekday: items: @@ -4986,13 +5588,11 @@ paths: Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. - nullable: true type: array byweekno: items: description: Indicates number of the week hours to recur. type: number - nullable: true type: array byyearday: items: @@ -5000,7 +5600,6 @@ paths: Indicates the days of the year that this rule should recur. type: number - nullable: true type: array count: description: >- @@ -5038,7 +5637,7 @@ paths: description: Recur the rule until this date. type: string wkst: - description: Indicates the start of week, defaults to Monday. + description: 'Indicates the start of week, defaults to Monday.' enum: - MO - TU @@ -5117,7 +5716,7 @@ paths: summary: Get information about rules tags: - alerting - /api/alerts/alert/{alertId}: + '/api/alerts/alert/{alertId}': delete: deprecated: true description: > @@ -5419,7 +6018,7 @@ paths: summary: Update an alert tags: - alerting - /api/alerts/alert/{alertId}/_disable: + '/api/alerts/alert/{alertId}/_disable': post: deprecated: true description: Deprecated in 7.13.0. Use the disable rule API instead. @@ -5445,7 +6044,7 @@ paths: summary: Disable an alert tags: - alerting - /api/alerts/alert/{alertId}/_enable: + '/api/alerts/alert/{alertId}/_enable': post: deprecated: true description: Deprecated in 7.13.0. Use the enable rule API instead. @@ -5471,7 +6070,7 @@ paths: summary: Enable an alert tags: - alerting - /api/alerts/alert/{alertId}/_mute_all: + '/api/alerts/alert/{alertId}/_mute_all': post: deprecated: true description: Deprecated in 7.13.0. Use the mute all alerts API instead. @@ -5497,7 +6096,7 @@ paths: summary: Mute all alert instances tags: - alerting - /api/alerts/alert/{alertId}/_unmute_all: + '/api/alerts/alert/{alertId}/_unmute_all': post: deprecated: true description: Deprecated in 7.13.0. Use the unmute all alerts API instead. @@ -5523,7 +6122,7 @@ paths: summary: Unmute all alert instances tags: - alerting - /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute: + '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute': post: deprecated: true description: Deprecated in 7.13.0. Use the mute alert API instead. @@ -5556,7 +6155,7 @@ paths: summary: Mute an alert instance tags: - alerting - /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute: + '/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute': post: deprecated: true description: Deprecated in 7.13.0. Use the unmute alert API instead. @@ -5783,7 +6382,7 @@ paths: example: true type: boolean isSufficientlySecure: - description: If `false`, security is enabled but TLS is not. + description: 'If `false`, security is enabled but TLS is not.' example: true type: boolean description: Indicates a successful call. @@ -5928,8 +6527,8 @@ paths: privileges: items: enum: - - event:write - - config_agent:read + - 'event:write' + - 'config_agent:read' type: string type: array required: true @@ -5955,7 +6554,7 @@ paths: summary: Create an APM agent key tags: - APM agent keys - /api/apm/services/{serviceName}/annotation: + '/api/apm/services/{serviceName}/annotation': post: description: Create a new annotation for a specific service. operationId: createAnnotation @@ -6030,7 +6629,7 @@ paths: summary: Create a service annotation tags: - APM annotations - /api/apm/services/{serviceName}/annotation/search: + '/api/apm/services/{serviceName}/annotation/search': get: description: Search for annotations related to a specific service. operationId: getAnnotation @@ -6087,7 +6686,7 @@ paths: - APM annotations /api/asset_criticality: delete: - description: Delete the asset criticality record for a specific entity. + description: Delete the asset criticality record for a specific asset if it exists. operationId: DeleteAssetCriticalityRecord parameters: - description: The ID value of the asset. @@ -6132,11 +6731,11 @@ paths: description: Successful response '400': description: Invalid request - summary: Delete an asset criticality record + summary: Delete Criticality Record tags: - Security Entity Analytics API get: - description: Get the asset criticality record for a specific entity. + description: Get the criticality record for a specific asset. operationId: GetAssetCriticalityRecord parameters: - description: The ID value of the asset. @@ -6164,17 +6763,11 @@ paths: description: Invalid request '404': description: Criticality record not found - summary: Get an asset criticality record + summary: Get Criticality Record tags: - Security Entity Analytics API post: - description: > - Create or update an asset criticality record for a specific entity. - - - If a record already exists for the specified entity, that record is - overwritten with the specified value. If a record doesn't exist for the - specified entity, a new record is created. + description: Create or update a criticality record for a specific asset. operationId: CreateAssetCriticalityRecord requestBody: content: @@ -6203,19 +6796,14 @@ paths: description: Successful response '400': description: Invalid request - summary: Upsert an asset criticality record + summary: Upsert Criticality Record tags: - Security Entity Analytics API /api/asset_criticality/bulk: post: - description: > - Bulk upsert up to 1000 asset criticality records. - - - If asset criticality records already exist for the specified entities, - those records are overwritten with the specified values. If asset - criticality records don't exist for the specified entities, new records - are created. + description: >- + Bulk upsert up to 1000 asset criticality records, creating or updating + them as needed. operationId: BulkUpsertAssetCriticalityRecords requestBody: content: @@ -6269,12 +6857,12 @@ paths: description: Bulk upload successful '413': description: File too large - summary: Bulk upsert asset criticality records + summary: Bulk Upsert Asset Criticality Records tags: - Security Entity Analytics API /api/asset_criticality/list: get: - description: List asset criticality records, paging, sorting and filtering as needed. + description: 'List asset criticality records, paging, sorting and filtering as needed.' operationId: FindAssetCriticalityRecords parameters: - description: The field to sort by. @@ -6346,7 +6934,7 @@ paths: - per_page - total description: Bulk upload successful - summary: List asset criticality records + summary: List Asset Criticality Records tags: - Security Entity Analytics API /api/cases: @@ -6508,7 +7096,7 @@ paths: summary: Search cases tags: - cases - /api/cases/{caseId}: + '/api/cases/{caseId}': get: description: > You must have `read` privileges for the **Cases** feature in the @@ -6539,7 +7127,7 @@ paths: summary: Get case information tags: - cases - /api/cases/{caseId}/alerts: + '/api/cases/{caseId}/alerts': get: description: > You must have `read` privileges for the **Cases** feature in the @@ -6569,8 +7157,8 @@ paths: summary: Get all alerts for a case tags: - cases - x-state: Technical preview - /api/cases/{caseId}/comments: + x-technical-preview: true + '/api/cases/{caseId}/comments': delete: description: > Deletes all comments and alerts from a case. You must have `all` @@ -6697,7 +7285,7 @@ paths: summary: Add a case comment or alert tags: - cases - /api/cases/{caseId}/comments/_find: + '/api/cases/{caseId}/comments/_find': get: description: > Retrieves a paginated list of comments for a case. You must have `read` @@ -6727,7 +7315,7 @@ paths: summary: Find case comments and alerts tags: - cases - /api/cases/{caseId}/comments/{commentId}: + '/api/cases/{caseId}/comments/{commentId}': delete: description: > You must have `all` privileges for the **Cases** feature in the @@ -6783,7 +7371,7 @@ paths: summary: Get a case comment or alert tags: - cases - /api/cases/{caseId}/connector/{connectorId}/_push: + '/api/cases/{caseId}/connector/{connectorId}/_push': post: description: > You must have `all` privileges for the **Actions and Connectors** @@ -6821,7 +7409,7 @@ paths: summary: Push a case to an external service tags: - cases - /api/cases/{caseId}/user_actions: + '/api/cases/{caseId}/user_actions': get: deprecated: true description: > @@ -6852,7 +7440,7 @@ paths: summary: Get case activity tags: - cases - /api/cases/{caseId}/user_actions/_find: + '/api/cases/{caseId}/user_actions/_find': get: description: > Retrives a paginated list of user activity for a case. You must have @@ -6898,7 +7486,7 @@ paths: summary: Find case activity tags: - cases - /api/cases/alerts/{alertId}: + '/api/cases/alerts/{alertId}': get: description: > You must have `read` privileges for the **Cases** feature in the @@ -6937,7 +7525,7 @@ paths: summary: Get cases for an alert tags: - cases - x-state: Technical preview + x-technical-preview: true /api/cases/configure: get: description: > @@ -7319,7 +7907,7 @@ paths: summary: Add case settings tags: - cases - /api/cases/configure/{configurationId}: + '/api/cases/configure/{configurationId}': patch: description: > Updates setting details such as the closure type, custom fields, @@ -7761,7 +8349,7 @@ paths: summary: Create a data view tags: - data views - /api/data_views/data_view/{viewId}: + '/api/data_views/data_view/{viewId}': delete: description: | WARNING: When you delete a data view, it cannot be recovered. @@ -7834,7 +8422,7 @@ paths: summary: Update a data view tags: - data views - /api/data_views/data_view/{viewId}/fields: + '/api/data_views/data_view/{viewId}/fields': post: description: > Update fields presentation metadata such as count, customLabel, @@ -7877,7 +8465,7 @@ paths: summary: Update data view fields metadata tags: - data views - /api/data_views/data_view/{viewId}/runtime_field: + '/api/data_views/data_view/{viewId}/runtime_field': post: operationId: createRuntimeFieldDefault parameters: @@ -7969,7 +8557,7 @@ paths: summary: Create or update a runtime field tags: - data views - /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: + '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': delete: operationId: deleteRuntimeFieldDefault parameters: @@ -8572,7 +9160,7 @@ paths: items: $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' type: array - description: A JSON array of rules, where each rule contains the required fields. + description: 'A JSON array of rules, where each rule contains the required fields.' required: true responses: '200': @@ -8713,7 +9301,7 @@ paths: items: $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' type: array - description: A JSON array of rules, where each rule contains the required fields. + description: 'A JSON array of rules, where each rule contains the required fields.' required: true responses: '200': @@ -9017,9 +9605,8 @@ paths: tags: - Security Detections API - Import/Export API - /api/detection_engine/rules/{id}/exceptions: + '/api/detection_engine/rules/{id}/exceptions': post: - description: Create exception items that apply to a single detection rule. operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier @@ -9083,7 +9670,7 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Creates rule exception list items tags: - Security Exceptions API /api/detection_engine/rules/prepackaged: @@ -9895,10 +10482,7 @@ paths: - saved objects /api/endpoint_list: post: - description: >- - Create an endpoint exception list, which groups endpoint exception list - items. If an endpoint exception list already exists, an empty response - is returned. + description: Creates an endpoint list or does nothing if the list already exists operationId: CreateEndpointList responses: '200': @@ -9939,14 +10523,11 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Create an endpoint exception list + summary: Creates an endpoint list tags: - Security Endpoint Exceptions API /api/endpoint_list/items: delete: - description: >- - Delete an endpoint exception list item using the `id` or `item_id` - field. operationId: DeleteEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -10009,13 +10590,10 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Delete an endpoint exception list item + summary: Deletes an endpoint list item tags: - Security Endpoint Exceptions API get: - description: >- - Get the details of an endpoint exception list item using the `id` or - `item_id` field. operationId: ReadEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -10080,13 +10658,10 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Get an endpoint exception list item + summary: Reads an endpoint list item tags: - Security Endpoint Exceptions API post: - description: >- - Create an endpoint exception list item, and associate it with the - endpoint exception list. operationId: CreateEndpointListItem requestBody: content: @@ -10177,13 +10752,10 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Create an endpoint exception list item + summary: Creates an endpoint list item tags: - Security Endpoint Exceptions API put: - description: >- - Update an endpoint exception list item using the `id` or `item_id` - field. operationId: UpdateEndpointListItem requestBody: content: @@ -10280,12 +10852,11 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Update an endpoint exception list item + summary: Updates an endpoint list item tags: - Security Endpoint Exceptions API /api/endpoint_list/items/_find: get: - description: Get a list of all endpoint exception list items. operationId: FindEndpointListItems parameters: - description: > @@ -10320,7 +10891,7 @@ paths: schema: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - - description: Determines the sort order, which can be `desc` or `asc` + - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order required: false @@ -10396,7 +10967,7 @@ paths: $ref: >- #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error - summary: Get endpoint exception list items + summary: Finds endpoint list items tags: - Security Endpoint Exceptions API /api/endpoint/action: @@ -10421,7 +10992,7 @@ paths: summary: Get response actions tags: - Security Endpoint Management API - /api/endpoint/action_log/{agent_id}: + '/api/endpoint/action_log/{agent_id}': get: deprecated: true description: Get an action request log for the specified agent ID. @@ -10473,7 +11044,7 @@ paths: summary: Get response actions status tags: - Security Endpoint Management API - /api/endpoint/action/{action_id}: + '/api/endpoint/action/{action_id}': get: description: Get the details of a response action using the action ID. operationId: EndpointGetActionsDetails @@ -10494,7 +11065,7 @@ paths: summary: Get action details tags: - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}: + '/api/endpoint/action/{action_id}/file/{file_id}': get: description: Get information for the specified file using the file ID. operationId: EndpointFileInfo @@ -10520,7 +11091,7 @@ paths: summary: Get file information tags: - Security Endpoint Management API - /api/endpoint/action/{action_id}/file/{file_id}/download: + '/api/endpoint/action/{action_id}/file/{file_id}/download': get: description: Download a file from an endpoint. operationId: EndpointFileDownload @@ -10721,7 +11292,7 @@ paths: - Security Endpoint Management API /api/endpoint/action/unisolate: post: - description: Release an isolated endpoint, allowing it to rejoin a network. + description: 'Release an isolated endpoint, allowing it to rejoin a network.' operationId: EndpointUnisolateAction requestBody: content: @@ -10841,7 +11412,7 @@ paths: summary: Get a metadata list tags: - Security Endpoint Management API - /api/endpoint/metadata/{id}: + '/api/endpoint/metadata/{id}': get: operationId: GetEndpointMetadata parameters: @@ -10926,7 +11497,7 @@ paths: summary: Get an agent policy summary tags: - Security Endpoint Management API - /api/endpoint/protection_updates_note/{package_policy_id}: + '/api/endpoint/protection_updates_note/{package_policy_id}': get: operationId: GetProtectionUpdatesNote parameters: @@ -10974,7 +11545,7 @@ paths: summary: Create or update a protection updates note tags: - Security Endpoint Management API - /api/endpoint/suggestions/{suggestion_type}: + '/api/endpoint/suggestions/{suggestion_type}': post: deprecated: true operationId: GetEndpointSuggestions @@ -11090,7 +11661,7 @@ paths: summary: List the Entity Engines tags: - Security Entity Analytics API - /api/entity_store/engines/{entityType}: + '/api/entity_store/engines/{entityType}': delete: operationId: DeleteEntityEngine parameters: @@ -11139,7 +11710,7 @@ paths: summary: Get an Entity Engine tags: - Security Entity Analytics API - /api/entity_store/engines/{entityType}/init: + '/api/entity_store/engines/{entityType}/init': post: operationId: InitEntityEngine parameters: @@ -11177,7 +11748,7 @@ paths: summary: Initialize an Entity Engine tags: - Security Entity Analytics API - /api/entity_store/engines/{entityType}/start: + '/api/entity_store/engines/{entityType}/start': post: operationId: StartEntityEngine parameters: @@ -11200,7 +11771,7 @@ paths: summary: Start an Entity Engine tags: - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stats: + '/api/entity_store/engines/{entityType}/stats': post: operationId: GetEntityEngineStats parameters: @@ -11238,7 +11809,7 @@ paths: summary: Get Entity Engine stats tags: - Security Entity Analytics API - /api/entity_store/engines/{entityType}/stop: + '/api/entity_store/engines/{entityType}/stop': post: operationId: StopEntityEngine parameters: @@ -11313,7 +11884,7 @@ paths: - Security Entity Analytics API /api/entity_store/entities/list: get: - description: List entities records, paging, sorting and filtering as needed. + description: 'List entities records, paging, sorting and filtering as needed.' operationId: ListEntities parameters: - in: query @@ -11391,7 +11962,6 @@ paths: - Security Entity Analytics API /api/exception_lists: delete: - description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - description: Either `id` or `list_id` must be specified @@ -11456,11 +12026,10 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Delete an exception list + summary: Deletes an exception list tags: - Security Exceptions API get: - description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - description: Either `id` or `list_id` must be specified @@ -11525,23 +12094,10 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Get exception list details + summary: Retrieves an exception list using its `id` or `list_id` field tags: - Security Exceptions API post: - description: > - An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList requestBody: content: @@ -11628,11 +12184,10 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create an exception list + summary: Creates an exception list tags: - Security Exceptions API put: - description: Update an exception list using the `id` or `list_id` field. operationId: UpdateExceptionList requestBody: content: @@ -11722,12 +12277,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Update an exception list + summary: Updates an exception list tags: - Security Exceptions API /api/exception_lists/_duplicate: post: - description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - description: Exception list's human identifier @@ -11797,12 +12351,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Duplicate an exception list + summary: Duplicates an exception list tags: - Security Exceptions API /api/exception_lists/_export: post: - description: Export an exception list and its associated items to an NDJSON file. + description: Exports an exception list and its associated items to an .ndjson file operationId: ExportExceptionList parameters: - description: Exception list's identifier @@ -11882,12 +12436,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Export an exception list + summary: Exports an exception list tags: - Security Exceptions API /api/exception_lists/_find: get: - description: Get a list of all exception lists. operationId: FindExceptionLists parameters: - description: > @@ -11944,7 +12497,7 @@ paths: required: false schema: type: string - - description: Determines the sort order, which can be `desc` or `asc` + - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order required: false @@ -12010,12 +12563,12 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Get exception lists + summary: Finds exception lists tags: - Security Exceptions API /api/exception_lists/_import: post: - description: Import an exception list and its associated items from an NDJSON file. + description: Imports an exception list and associated items operationId: ImportExceptionList parameters: - description: > @@ -12131,12 +12684,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Import an exception list + summary: Imports an exception list tags: - Security Exceptions API /api/exception_lists/items: delete: - description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - description: Either `id` or `item_id` must be specified @@ -12202,13 +12754,10 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Delete an exception list item + summary: Deletes an exception list item tags: - Security Exceptions API get: - description: >- - Get the details of an exception list item using the `id` or `item_id` - field. operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified @@ -12274,17 +12823,10 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Get an exception list item + summary: Gets an exception list item tags: - Security Exceptions API post: - description: > - Create an exception item and associate it with the specified exception - list. - - > info - - > Before creating exception items, you must create an exception list. operationId: CreateExceptionListItem requestBody: content: @@ -12383,11 +12925,10 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create an exception list item + summary: Creates an exception list item tags: - Security Exceptions API put: - description: Update an exception list item using the `id` or `item_id` field. operationId: UpdateExceptionListItem requestBody: content: @@ -12491,12 +13032,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Update an exception list item + summary: Updates an exception list item tags: - Security Exceptions API /api/exception_lists/items/_find: get: - description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - description: List's id @@ -12562,7 +13102,7 @@ paths: required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` + - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order required: false @@ -12636,12 +13176,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Get exception list items + summary: Finds exception list items tags: - Security Exceptions API /api/exception_lists/summary: get: - description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - description: Exception list's identifier generated upon creation @@ -12725,24 +13264,11 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Get an exception list summary + summary: Retrieves an exception list summary tags: - Security Exceptions API /api/exceptions/shared: post: - description: > - An exception list groups exception items and can be associated with - detection rules. A shared exception list can apply to multiple detection - rules. - - > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. operationId: CreateSharedExceptionList requestBody: content: @@ -12803,997 +13329,189 @@ paths: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create a shared exception list + summary: Creates a shared exception list tags: - Security Exceptions API /api/fleet/agent_download_sources: get: - description: List agent binary download sources - operationId: get-fleet-agent-download-sources - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + operationId: get-download-sources responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host + $ref: '#/components/schemas/Fleet_download_sources' type: array page: - type: number + type: integer perPage: - type: number + type: integer total: - type: number - required: - - items - - total - - page - - perPage + type: integer + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources tags: - Elastic Agent binary download sources post: - description: Create agent binary download source - operationId: post-fleet-agent-download-sources - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: post-download-sources requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: host: - format: uri type: string id: type: string is_default: - default: false type: boolean name: type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string required: - name - host + - is_default responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item + $ref: '#/components/schemas/Fleet_download_sources' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Create agent binary download source tags: - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: + '/api/fleet/agent_download_sources/{sourceId}': delete: - description: Delete agent binary download source by ID - operationId: delete-fleet-agent-download-sources-sourceid + operationId: delete-download-source parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: id: type: string required: - id + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Delete agent binary download source by ID tags: - Elastic Agent binary download sources get: - description: Get agent binary download source by ID - operationId: get-fleet-agent-download-sources-sourceid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: sourceId - required: true - schema: - type: string + operationId: get-one-download-source responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host + $ref: '#/components/schemas/Fleet_download_sources' required: - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Get agent binary download source by ID tags: - Elastic Agent binary download sources + parameters: + - in: path + name: sourceId + required: true + schema: + type: string put: - description: Update agent binary download source by ID - operationId: put-fleet-agent-download-sources-sourceid + operationId: update-download-source parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: host: - format: uri - type: string - id: type: string is_default: - default: false type: boolean name: type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. - nullable: true - type: string required: - name + - is_default - host responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host + $ref: '#/components/schemas/Fleet_download_sources' required: - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Update agent binary download source by ID tags: - Elastic Agent binary download sources /api/fleet/agent_policies: get: - description: List agent policies - operationId: get-fleet-agent-policies + description: '' + operationId: agent-policy-list parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - description: use withAgentCount instead - in: query - name: noAgentCount - required: false - schema: - deprecated: true - type: boolean - - description: get policies with agent count + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. in: query - name: withAgentCount - required: false + name: full schema: type: boolean - - description: get full policies with package policies populated + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. in: query - name: full - required: false + name: noAgentCount schema: type: boolean - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision + $ref: '#/components/schemas/Fleet_agent_policy' type: array page: type: number @@ -13806,6028 +13524,2649 @@ paths: - total - page - perPage + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent policies + tags: + - Elastic Agent policies + post: + operationId: create-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_create_request' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent policy tags: - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: post: - description: Create an agent policy - operationId: post-fleet-agent-policies + operationId: bulk-get-agent-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: sys_monitoring - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: + full: + description: get full policies with package policies populated type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + ids: + description: list of agent policy ids items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value + type: string type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true + ignoreMissing: type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get agent policies + tags: + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}': + get: + description: Get one agent policy + operationId: agent-policy-info + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' + put: + operationId: update-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent policy by ID + tags: + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}/copy': + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' + post: + operationId: agent-policy-copy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: type: string - monitoring_pprof_enabled: - type: boolean name: - minLength: 1 - type: string - namespace: - minLength: 1 type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: + required: + - name + description: '' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Copy agent policy by ID + tags: + - Elastic Agent policies + '/api/fleet/agent_policies/{agentPolicyId}/download': + get: + operationId: agent-policy-download + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: type: string - type: array - supports_agentless: - default: false + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + '/api/fleet/agent_policies/{agentPolicyId}/full': + get: + operationId: agent-policy-full + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/delete: + parameters: [] + post: + operationId: delete-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + agentPolicyId: + type: string + force: description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true + bypass validation checks that can prevent agent policy + deletion type: boolean - unenroll_timeout: - minimum: 0 - type: number required: - - name - - namespace + - agentPolicyId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision + id: + type: string + success: + type: boolean required: - - item + - id + - success + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID + tags: + - Elastic Agent policies + /api/fleet/agent_status: + get: + operationId: get-agent-status + parameters: + - in: query + name: policyId + required: false + schema: + type: string + - deprecated: true + in: query + name: kuery + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: + active: + type: integer + all: + type: integer error: - type: string - message: - type: string - statusCode: - type: number + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + deprecated: true + type: integer + unenrolled: + type: integer + updating: + type: integer required: - - message - summary: '' + - active + - all + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - description: Bulk get agent policies - operationId: post-fleet-agent-policies-bulk-get + - Elastic Agent status + /api/fleet/agent_status/data: + get: + operationId: get-agent-data parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - in: query + name: agentsIds required: true schema: - example: 'true' - type: string + items: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + additionalProperties: + type: object + properties: + data: + type: boolean + type: object + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get incoming agent data + tags: + - Elastic Agent status + /api/fleet/agent-status: + get: + deprecated: true + operationId: get-agent-status-deprecated + parameters: - in: query - name: format + name: policyId required: false schema: - enum: - - simplified - - legacy type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary + tags: + - Elastic Agent status + /api/fleet/agents: + get: + operationId: get-agents + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents + tags: + - Elastic Agents + post: + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids + actionIds: items: type: string type: array - ignoreMissing: - type: boolean required: - - ids + - policy_id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package - policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - required: - - items + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}': + delete: + operationId: delete-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + action: + enum: + - deleted type: string - statusCode: - type: number required: - - message - summary: '' + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: + - Elastic Agents get: - description: Get an agent policy by ID - operationId: get-fleet-agent-policies-agentpolicyid + operationId: get-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - $ref: '#/components/parameters/Fleet_with_metrics' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision + $ref: '#/components/schemas/Fleet_agent' required: - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + tags: + items: + type: string + type: array + user_provided_metadata: + type: object + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/actions': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: new-agent-action + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + $ref: '#/components/schemas/Fleet_agent_action' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + items: + type: number + type: array + headers: type: string statusCode: type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action tags: - - Elastic Agent policies - put: - description: Update an agent policy by ID - operationId: put-fleet-agent-policies-agentpolicyid + - Elastic Agent actions + '/api/fleet/agents/{agentId}/reassign': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: reassign-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true + policy_id: type: string - fleet_server_host_id: - nullable: true + required: + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + put: + deprecated: true + operationId: reassign-agent-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + policy_id: type: string - force: - type: boolean - global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + required: + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/request_diagnostics': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: request-diagnostics-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_metrics: items: - additionalProperties: false - type: object - properties: - name: + oneOf: + - enum: + - CPU type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/unenroll': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: unenroll-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true + revoke: type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: OK + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. - nullable: true - type: object - space_ids: - items: + message: type: string - type: array - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace + statusCode: + enum: + - 400 + type: number + description: BAD REQUEST + summary: Unenroll agent + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/upgrade': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: upgrade-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent + tags: + - Elastic Agents + '/api/fleet/agents/{agentId}/uploads': + get: + operationId: list-agent-uploads responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + body: type: object properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + item: items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value + $ref: '#/components/schemas/Fleet_agent_diagnostics' type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /api/fleet/agents/action_status: + get: + operationId: agents-action-status + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - in: query + name: errorSize + schema: + default: 5 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + latestErrors: + description: >- + latest errors that happened when the agents executed + the action + items: type: object properties: - burst: - type: number - interval: + agentId: type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: + error: type: string - max_dur: + timestamp: type: string - max_retries: - type: number - monitoring_enabled: - items: + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: string + startTime: + description: start time of action (scheduled actions) + type: string + status: enum: - - logs - - metrics - - traces + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type + type: array required: - - item + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status + tags: + - Elastic Agent actions + '/api/fleet/agents/actions/{actionId}/cancel': + parameters: + - in: path + name: actionId + required: true + schema: + type: string + post: + operationId: agent-action-cancel + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: + - Elastic Agent actions + /api/fleet/agents/bulk_reassign: post: - description: Copy an agent policy by ID - operationId: post-fleet-agent-policies-agentpolicyid-copy + operationId: bulk-reassign-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: - additionalProperties: false type: object properties: - description: - type: string - name: - minLength: 1 + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + policy_id: + description: new agent policy id type: string required: - - name + - policy_id + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - default: 2h - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_level: - default: info - nullable: true - agent_logging_metrics_period: - default: 30s - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents + tags: + - Elastic Agents + /api/fleet/agents/bulk_request_diagnostics: + post: + operationId: bulk-request-diagnostics + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU type: string - download_source_id: - nullable: true + type: array + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: type: string - fleet_server_host_id: - nullable: true + type: array + batchSize: + type: number + required: + - agents + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents + tags: + - Elastic Agents + /api/fleet/agents/bulk_unenroll: + post: + operationId: bulk-unenroll-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + force: false + revoke: true + schema: + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: type: string - global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: + type: array + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents + tags: + - Elastic Agents + /api/fleet/agents/bulk_update_agent_tags: + post: + operationId: bulk-update-agent-tags + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag + schema: + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy - will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - updated_at: - type: string - updated_by: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: + type: array + batchSize: + type: number + tagsToAdd: + items: type: string - message: + type: array + tagsToRemove: + items: type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: - get: - description: Download an agent policy by ID - operationId: get-fleet-agent-policies-agentpolicyid-download - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean + type: array + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + actionId: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - description: Get a full agent policy by ID - operationId: get-fleet-agent-policies-agentpolicyid-full + - Elastic Agents + /api/fleet/agents/bulk_upgrade: + post: + operationId: bulk-upgrade-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 + schema: + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - sourceURI: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - monitoring: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - download - - features - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - proxy_headers - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - namespaces: - items: - type: string - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - type: - type: string - required: - - type - - proxy_headers - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item + actionId: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents + tags: + - Elastic Agents + '/api/fleet/agents/files/{fileId}': + delete: + operationId: delete-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + body: + type: object + properties: + deleted: + type: boolean + id: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/outputs: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + '/api/fleet/agents/files/{fileId}/{fileName}': get: - description: Get list of outputs associated with agent policy by policy id - operationId: get-fleet-agent-policies-agentpolicyid-outputs - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string + operationId: get-agent-upload-file responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + body: type: object properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false + items: type: object properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - required: - - item + body: {} + headers: {} + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /api/fleet/agents/setup: + get: + operationId: get-agents-setup-status + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent setup info tags: - - Elastic Agent policies - /api/fleet/agent_policies/delete: + - Elastic Agents post: - description: Delete agent policy by ID - operationId: post-fleet-agent-policies-delete + operationId: setup-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agentPolicyId: + admin_password: + type: string + admin_username: type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean required: - - agentPolicyId + - admin_username + - admin_password + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup + tags: + - Elastic Agents + /api/fleet/agents/tags: + get: + operationId: get-agent-tags + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags + tags: + - Elastic Agents + /api/fleet/data_streams: + get: + operationId: data-streams-list responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - id: - type: string - name: - type: string - required: - - id - - name + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /api/fleet/enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: type: number required: - - message - summary: '' + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys tags: - - Elastic Agent policies - /api/fleet/agent_policies/outputs: + - Fleet enrollment API keys post: - description: Get list of outputs associated with agent policies - operationId: post-fleet-agent-policies-outputs + operationId: create-enrollment-api-keys parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - ids: - description: list of package policy ids - items: - type: string - type: array + name: + description: The name of the enrollment API key. Must be unique. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string required: - - ids + - policy_id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - type: array - required: - - items + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/api/fleet/enrollment_api_keys/{keyId}': + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + action: + enum: + - deleted type: string - statusCode: - type: number required: - - message - summary: '' + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Revoke enrollment API key by ID by marking it as inactive tags: - - Elastic Agent policies - /api/fleet/agent_status: + - Fleet enrollment API keys get: - description: Get agent status summary - operationId: get-fleet-agent-status - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string + operationId: get-enrollment-api-key responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - results: - additionalProperties: false - type: object - properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - other: - type: number - total: - deprecated: true - type: number - unenrolled: - type: number - updating: - type: number - required: - - events - - total - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' required: - - results + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: type: number required: - - message - summary: '' + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - description: Get incoming agent data - operationId: get-fleet-agent-status-data + - Fleet enrollment API keys + post: + deprecated: true + operationId: create-enrollment-api-keys-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: agentsIds - required: true - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: previewData - required: false - schema: - default: false - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - dataPreview: - items: {} - type: array - items: - items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data - type: object - type: array - required: - - items - - dataPreview + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/api/fleet/enrollment-api-keys/{keyId}': + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + action: + enum: + - deleted type: string - statusCode: - type: number required: - - message - summary: '' + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID tags: - - Elastic Agents - /api/fleet/agent-status: + - Fleet enrollment API keys get: - operationId: get-fleet-agent-status-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: policyId - required: false - schema: - type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - deprecated: true - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/agents: + deprecated: true + operationId: get-enrollment-api-key-deprecated + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/epm/bulk_assets: + post: + operationId: bulk-get-assets + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array + required: + - assetIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: + get: + operationId: get-package-categories + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories + tags: + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /api/fleet/epm/packages: get: - description: List agents - operationId: get-fleet-agents + operationId: list-all-packages parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus schema: default: false type: boolean - - in: query - name: withMetrics - required: false + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease schema: default: false type: boolean - - in: query - name: showUpgradeable - required: false + - deprecated: true + in: query + name: experimental schema: default: false type: boolean - in: query - name: getStatusSummary - required: false + name: category + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List packages + tags: + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors schema: default: false type: boolean - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover schema: - enum: - - asc - - desc - type: string + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string items: items: - additionalProperties: false type: object properties: - access_api_key: - type: string - access_api_key_id: + id: type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type required: - id - - packages - type - - active - - enrolled_at - - local_metadata type: array - page: - type: number - perPage: - type: number - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number required: - items - - total - - page - - perPage + description: OK '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages tags: - - Elastic Agents - post: - description: List agents by action ids - operationId: post-fleet-agents + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgkey}': + delete: + deprecated: true + operationId: delete-package-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey required: true schema: - example: 'true' type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionIds: - items: - type: string - type: array - required: - - actionIds + force: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: + response: items: - type: string + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type type: array required: - - items + - response + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + get: + deprecated: true + operationId: get-package-deprecated + parameters: + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - description: Delete agent by ID - operationId: delete-fleet-agents-agentid + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' - in: path - name: agentId + name: pkgkey required: true schema: type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - action: - enum: - - deleted - type: string + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array required: - - action + - response + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}': + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array required: - - message - summary: '' + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package tags: - - Elastic Agents + - Elastic Package Manager (EPM) get: - description: Get agent by ID - operationId: get-fleet-agents-agentid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: agentId - required: true - schema: - type: string - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean + operationId: get-package responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: + latestVersion: type: string - last_checkin_message: + licensePath: type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting + notice: type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type + savedObject: + deprecated: true type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array status: enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true + - installed + - installing + - install_failed + - not_installed type: string - user_provided_metadata: - additionalProperties: {} - type: object required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error + - status + - savedObject type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package tags: - - Elastic Agents - put: - description: Update agent by ID - operationId: put-fleet-agents-agentid + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors schema: - example: 'true' - type: string - - in: path - name: agentId - required: true + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover schema: - type: string + default: false + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - tags: - items: - type: string - type: array - user_provided_metadata: - additionalProperties: {} - type: object + force: + type: boolean + ignore_constraints: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + _meta: type: object properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: + install_source: enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded + - registry + - upload + - bundled type: string - tags: - items: + items: + items: + type: object + properties: + id: type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array required: - - item + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + get: + operationId: packages-get-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string + body: + type: object + headers: + type: object statusCode: type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + '/api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': post: - description: Create agent action - operationId: post-fleet-agents-agentid-actions + description: '' + operationId: reauthorize-transforms parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName required: true schema: - example: 'true' type: string - in: path - name: agentId + name: pkgVersion required: true schema: type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - action: - anyOf: - - additionalProperties: false + transforms: + items: + type: object + properties: + transformId: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: type: object properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN + error: type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS + success: + type: boolean + transformId: type: string required: - - type - - data - required: - - action + - transformId + - error + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + '/api/fleet/epm/packages/{pkgName}/stats': + get: + operationId: get-package-stats responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' required: - - item + - response + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + /api/fleet/epm/packages/limited: + get: + operationId: list-limited-packages + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/reassign: - post: - description: Reassign agent - operationId: post-fleet-agents-agentid-reassign - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id + - Elastic Package Manager (EPM) + parameters: [] + '/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs': + get: + operationId: get-inputs-template + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /api/fleet/epm/verification_key_id: + get: + operationId: packages-get-verification-key-id responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: {} + properties: + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/fleet_server_hosts: + get: + operationId: get-fleet-server-hosts + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts tags: - - Elastic Agent actions - put: - operationId: put-fleet-agents-agentid-reassign - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/agents/{agentId}/request_diagnostics: + - Fleet Server hosts post: - description: Request agent diagnostics - operationId: post-fleet-agents-agentid-request-diagnostics - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + operationId: post-fleet-server-hosts requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - nullable: true type: object properties: - additional_metrics: + host_urls: items: - enum: - - CPU type: string type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + '/api/fleet/fleet_server_hosts/{itemId}': + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: type: string required: - - actionId + - id + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/unenroll: - post: - description: Unenroll agent - operationId: post-fleet-agents-agentid-unenroll + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-server-hosts parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - nullable: true type: object properties: - force: + host_urls: + items: + type: string + type: array + is_default: type: boolean - revoke: + is_internal: type: boolean - responses: {} - summary: '' + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/upgrade: + - Fleet Server hosts + /api/fleet/health_check: post: - description: Upgrade agent - operationId: post-fleet-agents-agentid-upgrade + operationId: fleet-server-health-check parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: + host: + deprecated: true type: string - version: + id: type: string required: - - version + - id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: + host: + deprecated: true type: string - message: + id: + description: Fleet Server host id type: string - statusCode: - type: number - required: - - message - summary: '' + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/uploads: + - Fleet internals + /api/fleet/kubernetes: get: - description: List agent uploads - operationId: get-fleet-agents-agentid-uploads + operationId: get-full-k8s-manifest parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - in: path - name: agentId - required: true + - in: query + name: enrolToken + required: false schema: type: string responses: @@ -19835,7801 +16174,3786 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + /api/fleet/logstash_api_keys: + post: + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /api/fleet/outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: type: object properties: items: items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId + $ref: '#/components/schemas/Fleet_output_create_request' type: array - required: - - items + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + '/api/fleet/outputs/{outputId}': + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: type: string - statusCode: - type: number required: - - message - summary: '' + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID tags: - - Elastic Agents - /api/fleet/agents/action_status: + - Fleet outputs get: - description: Get agent action status - operationId: get-fleet-agents-action-status + operationId: get-output + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + put: + operationId: update-output parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 0 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: date - required: false - schema: - type: string - - in: query - name: latest - required: false - schema: - type: number - - in: query - name: errorSize - required: false - schema: - default: 5 - type: number + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - latestErrors: - items: - additionalProperties: false - description: >- - latest errors that happened when the agents - executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime - type: array - required: - - items + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: - post: - description: Cancel agent action - operationId: post-fleet-agents-actions-actionid-cancel - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: actionId - required: true - schema: - type: string + - Fleet outputs + '/api/fleet/outputs/{outputId}/health': + get: + operationId: get-output-health responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - - agents - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string message: + description: long message if unhealthy type: string - statusCode: - type: number - required: - - message - summary: '' + state: + description: 'state of output, HEALTHY or DEGRADED' + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health tags: - - Elastic Agent actions - /api/fleet/agents/available_versions: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /api/fleet/package_policies: get: - description: Get available agent versions - operationId: get-fleet-agents-available-versions + operationId: get-package-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - type: string + $ref: '#/components/schemas/Fleet_package_policy' type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: List package policies tags: - - Elastic Agents - /api/fleet/agents/bulk_reassign: + - Fleet package policies + parameters: [] post: - description: Bulk reassign agents - operationId: post-fleet-agents-bulk-reassign + operationId: create-package-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - policy_id: - type: string - required: - - policy_id - - agents + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: - type: string + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - actionId + - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy tags: - - Elastic Agent actions - /api/fleet/agents/bulk_request_diagnostics: + - Fleet package policies + /api/fleet/package_policies/_bulk_get: post: - description: Bulk request diagnostics from agents - operationId: post-fleet-agents-bulk-request-diagnostics + operationId: bulk-get-package-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - additional_metrics: + ids: + description: list of package policy ids items: - enum: - - CPU type: string type: array - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number + ignoreMissing: + type: boolean required: - - agents + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: - type: string + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array required: - - actionId + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get package policies + tags: + - Fleet package policies + '/api/fleet/package_policies/{packagePolicyId}': + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + id: type: string - statusCode: - type: number required: - - message - summary: '' + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID tags: - - Elastic Agent actions - /api/fleet/agents/bulk_unenroll: - post: - description: Bulk unenroll agents - operationId: post-fleet-agents-bulk-unenroll + - Fleet package policies + get: + operationId: get-package-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - description: KQL query string, leave empty to action all agents - type: string - type: array - - description: list of agent IDs - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents + - $ref: '#/components/parameters/Fleet_format' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: - type: string + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - actionId + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_package_policy' required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID tags: - - Elastic Agent actions - /api/fleet/agents/bulk_update_agent_tags: + - Fleet package policies + /api/fleet/package_policies/delete: post: - description: Bulk update agent tags - operationId: post-fleet-agents-bulk-update-agent-tags + operationId: post-delete-package-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false + force: type: boolean - tagsToAdd: - items: - type: string - type: array - tagsToRemove: + packagePolicyIds: items: type: string type: array required: - - agents + - packagePolicyIds responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy tags: - - Elastic Agent actions - /api/fleet/agents/bulk_upgrade: + - Fleet package policies + /api/fleet/package_policies/upgrade: post: - description: Bulk upgrade agents - operationId: post-fleet-agents-bulk-upgrade - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: upgrade-package-policy requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: - type: string - start_time: - type: string - version: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: type: string required: - - agents - - version + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade + tags: + - Fleet package policies + /api/fleet/proxies: + get: + operationId: get-fleet-proxies responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - actionId: - type: string - required: - - actionId + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List proxies + tags: + - Fleet proxies + post: + operationId: post-fleet-proxies + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create proxy tags: - - Elastic Agent actions - /api/fleet/agents/files/{fileId}: + - Fleet proxies + '/api/fleet/proxies/{itemId}': delete: - description: Delete file uploaded by agent - operationId: delete-fleet-agents-files-fileid + operationId: delete-fleet-proxies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: fileId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - deleted: - type: boolean id: type: string required: - id - - deleted + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + item: + $ref: '#/components/schemas/Fleet_proxies' required: - - message - summary: '' + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}/{fileName}: - get: - description: Get file uploaded by agent - operationId: get-fleet-agents-files-fileid-filename + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-proxies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: + name: type: string - message: + value: type: string - statusCode: - type: number - required: - - message - summary: '' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token tags: - - Elastic Agents - /api/fleet/agents/setup: - get: - description: Get agent setup info - operationId: get-fleet-agents-setup + - Fleet service tokens + /api/fleet/service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: >- - A summary of the agent setup status. `isReady` indicates - whether the setup is ready. If the setup is not ready, - `missing_requirements` lists which requirements are missing. type: object properties: - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: + name: type: string - required: - - isReady - - missing_requirements - - missing_optional_features + value: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/settings: + get: + operationId: get-settings + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + delete_unenrolled_agents: + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: type: string - statusCode: - type: number - required: - - message - summary: '' + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings tags: - - Elastic Agents + - Fleet internals + /api/fleet/setup: post: - description: Initiate agent setup - operationId: post-fleet-agents-setup + operationId: setup parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string message: type: string - statusCode: - type: number - required: - - message - summary: '' + description: Internal Server Error + summary: Initiate Fleet setup tags: - - Elastic Agents - /api/fleet/agents/tags: + - Fleet internals + /api/fleet/uninstall_tokens: get: - description: List agent tags - operationId: get-fleet-agents-tags + operationId: get-uninstall-tokens parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: kuery + - description: The number of items to return + in: query + name: perPage required: false schema: - type: string - - in: query - name: showInactive + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId required: false schema: - default: false - type: boolean + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: items: items: - type: string + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at type: array + page: + type: number + perPage: + type: number + total: + type: number required: - items + - total + - page + - perPage + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy tags: - - Elastic Agents - /api/fleet/check-permissions: + - Fleet uninstall tokens + '/api/fleet/uninstall_tokens/{uninstallTokenId}': get: - description: Check permissions - operationId: get-fleet-check-permissions + operationId: get-uninstall-token parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: path + name: uninstallTokenId + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - in: query - name: fleetServerSetup - required: false - schema: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at required: - - success + - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID tags: - - Fleet internals - /api/fleet/data_streams: - get: - description: List data streams - operationId: get-fleet-data-streams + - Fleet uninstall tokens + /api/lists: + delete: + operationId: DeleteList parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: List's `id` value + in: query + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_Lists_API_ListId' + - in: query + name: deleteReferences + required: false + schema: + default: false + type: boolean + - in: query + name: ignoreReferences + required: false + schema: + default: false + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - type: array - required: - - data_streams + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes a list tags: - - Data streams - /api/fleet/enrollment_api_keys: + - Security Lists API get: - description: List enrollment API keys - operationId: get-fleet-enrollment-api-keys + operationId: ReadList parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false + - description: List's `id` value + in: query + name: id + required: true schema: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Retrieves a list using its id field tags: - - Fleet enrollment API keys - post: - description: Create enrollment API key - operationId: post-fleet-enrollment-api-keys - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - Security Lists API + patch: + operationId: PatchList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - expiration: + _version: type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - type: string - policy_id: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer required: - - policy_id + - id + description: List's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - description: Revoke enrollment API key by ID by marking it as inactive - operationId: delete-fleet-enrollment-api-keys-keyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet enrollment API keys - get: - description: Get enrollment API key by ID - operationId: get-fleet-enrollment-api-keys-keyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - '400': + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patches a list tags: - - Fleet enrollment API keys - /api/fleet/enrollment-api-keys: - get: - operationId: get-fleet-enrollment-api-keys-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: {} - summary: '' - tags: [] + - Security Lists API post: - operationId: post-fleet-enrollment-api-keys-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + operationId: CreateList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - expiration: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: type: string - policy_id: - type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer required: - - policy_id - responses: {} - summary: '' - tags: [] - /api/fleet/enrollment-api-keys/{keyId}: - delete: - operationId: delete-fleet-enrollment-api-keys-keyid-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - get: - operationId: get-fleet-enrollment-api-keys-keyid-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/epm/bulk_assets: - post: - description: Bulk get assets - operationId: post-fleet-epm-bulk-assets - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - type: array - required: - - assetIds + - name + - description + - type + description: List's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - type: array - required: - - items + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - description: List package categories - operationId: get-fleet-epm-categories - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: include_policy_templates - required: false - schema: - type: boolean - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - additionalProperties: false - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - '400': + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Creates a list tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/custom_integrations: - post: - description: Create custom integration - operationId: post-fleet-epm-custom-integrations - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - Security Lists API + put: + operationId: UpdateList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - type: array - force: - type: boolean - integrationName: + _version: type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer required: - - integrationName - - datasets + - id + - name + - description + description: List's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Updates a list tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/data_streams: + - Security Lists API + /api/lists/_find: get: - description: List data streams - operationId: get-fleet-epm-data-streams + operationId: FindLists parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The page number to return + in: query + name: page + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: type + type: integer + - description: The number of lists to return per page + in: query + name: per_page required: false schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: datasetQuery + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field required: false schema: - type: string - - in: query - name: sortOrder + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: 'Determines the sort order, which can be `desc` or `asc`' + in: query + name: sort_order required: false schema: - default: asc enum: - - asc - desc + - asc type: string - - in: query - name: uncategorisedOnly + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor required: false schema: - default: false - type: boolean + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name + $ref: '#/components/schemas/Security_Lists_API_List' type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer required: - - items + - data + - page + - per_page + - total + - cursor + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Finds lists tags: - - Data streams - /api/fleet/epm/packages: - get: - description: List packages - operationId: get-fleet-epm-packages - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: category - required: false - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: experimental - required: false - schema: - type: boolean - - in: query - name: excludeInstallStatus - required: false - schema: - type: boolean + - Security Lists API + /api/lists/index: + delete: + operationId: DeleteListIndex responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array - response: - items: - additionalProperties: true - deprecated: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - id - type: array + acknowledged: + type: boolean required: - - items + - acknowledged + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes list data streams + tags: + - Security Lists API + get: + operationId: ReadListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + list_index: + type: boolean + list_item_index: + type: boolean required: - - message - summary: '' + - list_index + - list_item_index + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream(s) not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list data stream existence status tags: - - Elastic Package Manager (EPM) + - Security Lists API post: - description: Install package by upload - operationId: post-fleet-epm-packages - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string + operationId: CreateListIndex responses: '200': content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array + acknowledged: + type: boolean required: - - items - - _meta + - acknowledged + description: Successful response '400': content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: - post: - description: Bulk install packages - operationId: post-fleet-epm-packages-bulk + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Creates necessary list data streams + tags: + - Security Lists API + /api/lists/items: + delete: + operationId: DeleteListItem parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false schema: - example: 'true' type: string - - in: query - name: prerelease + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh required: false schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - minItems: 1 - type: array - required: - - packages + default: 'false' + enum: + - 'true' + - 'false' + - wait_for + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - - installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array - required: - - items + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Deletes a list item tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgkey}: - delete: - operationId: delete-fleet-epm-packages-pkgkey - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force - responses: {} - summary: '' - tags: [] + - Security Lists API get: - operationId: get-fleet-epm-packages-pkgkey + operationId: ReadListItem parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - - in: query - name: prerelease + - description: Required if `list_id` and `value` are not specified + in: query + name: id required: false schema: - type: boolean - - in: query - name: full + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id required: false schema: - type: boolean - - in: query - name: withMetadata + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value required: false - schema: - default: false - type: boolean - responses: {} - summary: '' - tags: [] - post: - operationId: post-fleet-epm-packages-pkgkey - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true schema: type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Gets a list item + tags: + - Security Lists API + patch: + operationId: PatchListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - nullable: true type: object properties: - force: - type: boolean + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - - force - responses: {} - summary: '' - tags: [] - put: - operationId: put-fleet-epm-packages-pkgkey - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgkey - required: true - schema: - type: string + - id + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patches a list item + tags: + - Security Lists API + post: + operationId: CreateListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - keepPoliciesUpToDate: - type: boolean + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - - keepPoliciesUpToDate - responses: {} - summary: '' - tags: [] - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - description: Delete package - operationId: delete-fleet-epm-packages-pkgname-pkgversion - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - list_id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Creates a list item + tags: + - Security Lists API + put: + operationId: UpdateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Updates a list item + tags: + - Security Lists API + /api/lists/items/_export: + post: + description: Exports list item values from the specified list + operationId: ExportListItems + parameters: + - description: List's id to export + in: query + name: list_id required: true schema: - example: 'true' - type: string - - in: path - name: pkgName + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: A `.txt` file containing list items from the specified list + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Exports list items + tags: + - Security Lists API + /api/lists/items/_find: + get: + operationId: FindListItems + parameters: + - description: List's id + in: query + name: list_id required: true schema: - type: string - - in: path - name: pkgVersion - required: true + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of list items to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: 'Determines the sort order, which can be `desc` or `asc`' + in: query + name: sort_order + required: false schema: + enum: + - desc + - asc type: string - - in: query - name: force + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor required: false schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - required: - - force + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true + cursor: + $ref: >- + #/components/schemas/Security_Lists_API_FindListItemsCursor + data: items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer required: - - items + - data + - page + - per_page + - total + - cursor + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Finds list items tags: - - Elastic Package Manager (EPM) - get: - description: Get package - operationId: get-fleet-epm-packages-pkgname-pkgversion + - Security Lists API + /api/lists/items/_import: + post: + description: > + Imports a list of items from a `.txt` or `.csv` file. The maximum file + size is 9 million bytes. + + + You can import items to a new or existing list. + operationId: ImportListItems parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true + - description: | + List's id. + + Required when importing to an existing list. + in: query + name: list_id + required: false schema: - type: string - - in: query - name: ignoreUnverified + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: > + Type of the importing list. + + + Required when importing a new list that is `list_id` is not + specified. + in: query + name: type required: false schema: - type: boolean + $ref: '#/components/schemas/Security_Lists_API_ListType' - in: query - name: prerelease + name: serializer required: false schema: - type: boolean + type: string - in: query - name: full + name: deserializer required: false schema: - type: boolean - - in: query - name: withMetadata + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh required: false schema: - default: false - type: boolean + enum: + - 'true' + - 'false' + - wait_for + type: string + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: >- + A `.txt` or `.csv` file containing newline separated list + items + format: binary + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List with specified list_id does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Imports list items + tags: + - Security Lists API + /api/lists/privileges: + get: + operationId: ReadListPrivileges responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' required: - - item + - lists + - listItems + - is_authenticated + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Gets list privileges tags: - - Elastic Package Manager (EPM) - post: - description: Install package from registry - operationId: post-fleet-epm-packages-pkgname-pkgversion + - Security Lists API + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync saved objects in the default space + tags: + - ml + /api/note: + delete: + operationId: DeleteNote + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + - nullable: true + type: object + properties: + noteIds: + items: type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - response: - deprecated: true - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': + nullable: true + type: array + required: + - noteIds + description: The id of the note to delete. + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + data: + type: object + description: Indicates the note was successfully deleted. + summary: Deletes a note from a timeline. tags: - - Elastic Package Manager (EPM) - put: - description: Update package settings - operationId: put-fleet-epm-packages-pkgname-pkgversion + - Security Timeline API + - 'access:securitySolution' + get: + description: Gets notes + operationId: GetNotes parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: documentIds schema: - default: '2023-10-31' - enum: - - '2023-10-31' + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' + - in: query + name: savedObjectIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + - in: query + name: page + schema: + nullable: true type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - in: query + name: perPage schema: - example: 'true' + nullable: true type: string - - in: path - name: pkgName - required: true + - in: query + name: search schema: + nullable: true type: string - - in: path - name: pkgVersion - required: true + - in: query + name: sortField + schema: + nullable: true + type: string + - in: query + name: sortOrder + schema: + nullable: true + type: string + - in: query + name: filter + schema: + nullable: true + type: string + - in: query + name: createdByFilter schema: + nullable: true type: string + - in: query + name: associatedFilter + schema: + $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object + description: Indicates the requested notes were returned. + summary: Get all notes for a given document. + tags: + - Security Timeline API + - 'access:securitySolution' + patch: + operationId: PersistNoteRoute requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - keepPoliciesUpToDate: + eventDataView: + nullable: true + type: string + eventIngested: + nullable: true + type: string + eventTimestamp: + nullable: true + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + noteId: + nullable: true + type: string + overrideOwner: + nullable: true type: boolean + version: + nullable: true + type: string required: - - keepPoliciesUpToDate + - note + description: The note to persist or update along with additional metadata. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: true + data: type: object properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string + persistNote: + $ref: >- + #/components/schemas/Security_Timeline_API_ResponseNote required: - - savedObject - - name - - version - - title - - assets - response: - additionalProperties: true - deprecated: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - savedObject: {} - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - savedObject - - name - - version - - title - - assets + - persistNote required: - - item - '400': + - data + description: Indicates the note was successfully created. + summary: Persists a note to a timeline. + tags: + - Security Timeline API + - 'access:securitySolution' + /api/osquery/live_queries: + get: + description: Get a list of all live queries. + operationId: OsqueryFindLiveQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live queries tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: + - Security Osquery API + post: + description: Create and run a live query. + operationId: OsqueryCreateLiveQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a live query + tags: + - Security Osquery API + '/api/osquery/live_queries/{id}': get: - description: Get package file - operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath + description: Get the details of a live query using the query ID. + operationId: OsqueryGetLiveQueryDetails parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - in: path - name: pkgVersion + name: id required: true schema: - type: string - - in: path - name: filePath - required: true + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query schema: - type: string + additionalProperties: true + type: object responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: {} - '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query details tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: - post: - description: Authorize transforms - operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize + - Security Osquery API + '/api/osquery/live_queries/{id}/results/{actionId}': + get: + description: Get the results of a live query using the query action ID. + operationId: OsqueryGetLiveQueryResults parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - in: path + name: id required: true schema: - example: 'true' - type: string + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: path - name: pkgName + name: actionId required: true schema: - type: string - - in: path - name: pkgVersion + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query required: true schema: - type: string + $ref: >- + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query results + tags: + - Security Osquery API + /api/osquery/packs: + get: + description: Get a list of all query packs. + operationId: OsqueryFindPacks + parameters: - in: query - name: prerelease - required: false + name: query + required: true schema: - type: boolean + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get packs + tags: + - Security Osquery API + post: + description: Create a query pack. + operationId: OsqueryCreatePacks requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - type: array - required: - - transforms + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error - type: array - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a pack + tags: + - Security Osquery API + '/api/osquery/packs/{id}': + delete: + description: Delete a query pack using the pack ID. + operationId: OsqueryDeletePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a pack tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: + - Security Osquery API get: - description: Get package stats - operationId: get-fleet-epm-packages-pkgname-stats + description: Get the details of a query pack using the pack ID. + operationId: OsqueryGetPacksDetails parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path - name: pkgName + name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - required: - - agent_policy_count - required: - - response - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get pack details + tags: + - Security Osquery API + put: + description: | + Update a query pack using the pack ID. + > info + > You cannot update a prebuilt pack. + operationId: OsqueryUpdatePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a pack tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/installed: + - Security Osquery API + /api/osquery/saved_queries: get: - description: Get installed packages - operationId: get-fleet-epm-packages-installed + description: Get a list of all saved queries. + operationId: OsqueryFindSavedQueries parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: dataStreamType - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: showOnlyActiveDataStreams - required: false - schema: - type: boolean - - in: query - name: nameQuery - required: false - schema: - type: string - - in: query - name: searchAfter - required: false - schema: - items: - anyOf: - - type: string - - type: number - type: array - in: query - name: perPage - required: false + name: query + required: true schema: - default: 15 - type: number - - in: query - name: sortOrder - required: false + $ref: >- + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved queries + tags: + - Security Osquery API + post: + description: Create and run a saved query. + operationId: OsqueryCreateSavedQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a saved query + tags: + - Security Osquery API + '/api/osquery/saved_queries/{id}': + delete: + description: Delete a saved query using the query ID. + operationId: OsqueryDeleteSavedQuery + parameters: + - in: path + name: id + required: true schema: - default: asc - enum: - - asc - - desc - type: string + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - type: array - total: - type: number - required: - - items - - total - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a saved query tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/limited: + - Security Osquery API get: - description: Get limited package list - operationId: get-fleet-epm-packages-limited + description: Get the details of a saved query using the query ID. + operationId: OsqueryGetSavedQueryDetails parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: path + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - response: - deprecated: true - items: - type: string - type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved query details tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: - get: - description: Get inputs template - operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs + - Security Osquery API + put: + description: | + Update a saved query using the query ID. + > info + > You cannot update a prebuilt saved query. + operationId: OsqueryUpdateSavedQuery parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - in: path - name: pkgVersion + name: id required: true schema: - type: string - - in: query - name: format - required: false - schema: - default: json - enum: - - json - - yml - - yaml - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - required: - - id - - type - type: array - required: - - inputs - '400': + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a saved query + tags: + - Security Osquery API + /api/pinned_event: + patch: + operationId: PersistPinnedEventRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventId: + type: string + pinnedEventId: + nullable: true + type: string + timelineId: + type: string + required: + - eventId + - timelineId + description: The pinned event to persist or update along with additional metadata. + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number + data: + type: object + properties: + persistPinnedEventOnTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + required: + - persistPinnedEventOnTimeline required: - - message - summary: '' + - data + description: Indicate the event was successfully pinned in the timeline. + summary: Persists a pinned event to a timeline. tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/verification_key_id: - get: - description: Get a package signature verification key ID - operationId: get-fleet-epm-verification-key-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - Security Timeline API + - 'access:securitySolution' + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - id: - nullable: true - type: string - required: - - id + cleanup_successful: + type: boolean + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + description: Unexpected error + summary: Cleanup the Risk Engine tags: - - Elastic Package Manager (EPM) - /api/fleet/fleet_server_hosts: - get: - description: List Fleet Server hosts - operationId: get-fleet-fleet-server-hosts - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + - Security Entity Analytics API + /api/risk_score/engine/schedule_now: + post: + operationId: ScheduleRiskEngineNow + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: {} responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + description: Unexpected error + summary: Schedule the risk engine to run as soon as possible tags: - - Fleet Server hosts + - Security Entity Analytics API + /api/saved_objects/_bulk_create: post: - description: Create Fleet Server host - operationId: post-fleet-fleet-server-hosts + deprecated: true + operationId: bulkCreateSavedObjects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: 'When true, overwrites the document with the same identifier.' + in: query + name: overwrite schema: - example: 'true' - type: string + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - name - - host_urls + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Create saved objects tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: - delete: - description: Delete Fleet Server host by ID - operationId: delete-fleet-fleet-server-hosts-itemid + - saved objects + /api/saved_objects/_bulk_delete: + post: + deprecated: true + description: | + WARNING: When you delete a saved object, it cannot be recovered. + operationId: bulkDeleteSavedObjects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". + WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. + in: query + name: force schema: - type: string + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - id: - type: string - required: - - id + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Delete saved objects tags: - - Fleet Server hosts - get: - description: Get Fleet Server host by ID - operationId: get-fleet-fleet-server-hosts-itemid + - saved objects + /api/saved_objects/_bulk_get: + post: + deprecated: true + operationId: bulkGetSavedObjects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Get saved objects tags: - - Fleet Server hosts - put: - description: Update Fleet Server host by ID - operationId: put-fleet-fleet-server-hosts-itemid + - saved objects + /api/saved_objects/_bulk_resolve: + post: + deprecated: true + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + operationId: bulkResolveSavedObjects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - proxy_id + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Resolve saved objects tags: - - Fleet Server hosts - /api/fleet/health_check: + - saved objects + /api/saved_objects/_bulk_update: post: - description: Check Fleet Server health - operationId: post-fleet-health-check + deprecated: true + description: Update the attributes for multiple Kibana saved objects. + operationId: bulkUpdateSavedObjects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - required: - - id + items: + type: object + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: - host: - deprecated: true - type: string - host_id: - type: string - name: - type: string - status: - type: string - required: - - status + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Update saved objects tags: - - Fleet internals - /api/fleet/kubernetes: - get: - description: Get full K8s agent manifest - operationId: get-fleet-kubernetes + - saved objects + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' schema: - additionalProperties: false + additionalProperties: true type: object - properties: - item: - type: string - required: - - item + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Export saved objects tags: - - Elastic Agent policies - /api/fleet/kubernetes/download: + - saved objects + /api/saved_objects/_find: get: - operationId: get-fleet-kubernetes-download + deprecated: true + description: Retrieve a paginated set of Kibana saved objects. + operationId: findSavedObjects parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + in: query + name: aggs schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - in: query - name: download - required: false + - description: The default operator to use for the `simple_query_string`. + in: query + name: default_search_operator schema: - type: boolean - - in: query - name: fleetServer - required: false + type: string + - description: The fields to return in the attributes key of the response. + in: query + name: fields + schema: + oneOf: + - type: string + - type: array + - description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. + in: query + name: filter schema: type: string - - in: query - name: enrolToken - required: false + - description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. + in: query + name: has_no_reference + schema: + type: object + - description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + in: query + name: has_no_reference_operator + schema: + type: string + - description: >- + Filters to objects that have a relationship with the type and ID + combination. + in: query + name: has_reference + schema: + type: object + - description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. + in: query + name: has_reference_operator + schema: + type: string + - description: The page of objects to return. + in: query + name: page + schema: + type: integer + - description: The number of objects to return per page. + in: query + name: per_page + schema: + type: integer + - description: >- + An Elasticsearch `simple_query_string` query that filters the + objects in the response. + in: query + name: search + schema: + type: string + - description: >- + The fields to perform the `simple_query_string` parsed query + against. + in: query + name: search_fields + schema: + oneOf: + - type: string + - type: array + - description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + in: query + name: sort_field schema: type: string + - description: The saved object types to include. + in: query + name: type + required: true + schema: + oneOf: + - type: string + - type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: string - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Search for saved objects tags: - - Elastic Agent policies - /api/fleet/logstash_api_keys: + - saved objects + /api/saved_objects/_import: post: - description: Generate Logstash API key - operationId: post-fleet-logstash-api-keys + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false schema: - example: 'true' - type: string + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' schema: - additionalProperties: false type: object properties: - api_key: - type: string - required: - - api_key + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Import saved objects tags: - - Fleet outputs - /api/fleet/message_signing_service/rotate_key_pair: + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/saved_objects/_resolve_import_errors: post: - description: Rotate fleet message signing key pair - operationId: post-fleet-message-signing-service-rotate-key-pair + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: resolveImportErrors parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false schema: - example: 'true' - type: string - - in: query - name: acknowledge + type: boolean + - description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. + in: query + name: createNewCopies required: false schema: - default: false type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request + schema: + type: object + properties: + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. + items: + type: object + properties: + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + items: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + type: array + type: + description: The saved object type. + type: string + required: + - type + - id + type: array + required: + - retries + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsResponse: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_response schema: - additionalProperties: false type: object properties: - message: - type: string - required: - - message + errors: + description: > + Specifies the objects that failed to resolve. + + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. + items: + type: object + type: array + success: + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + type: array + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve import errors + tags: + - saved objects + '/api/saved_objects/{type}': + post: + deprecated: true + description: Create a Kibana saved object with a randomly generated identifier. + operationId: createSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': + description: Indicates a successful call. + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + description: Indicates a conflict error. + summary: Create a saved object tags: - - Message Signing Service - /api/fleet/outputs: + - saved objects + '/api/saved_objects/{type}/{id}': get: - description: List outputs - operationId: get-fleet-outputs + deprecated: true + description: Retrieve a single Kibana saved object by identifier. + operationId: getSavedObject parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Get a saved object + tags: + - saved objects + post: + deprecated: true + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + operationId: createSavedObjectId + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' + in: query + name: overwrite schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + required: + - attributes + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object - properties: + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + put: + deprecated: true + description: Update the attributes for Kibana saved objects. + operationId: updateSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates the object was not found. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Update a saved object + tags: + - saved objects + '/api/saved_objects/resolve/{type}/{id}': + get: + deprecated: true + description: > + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + operationId: resolveSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve a saved object + tags: + - saved objects + /api/security_ai_assistant/anonymization_fields/_bulk_action: + post: + description: >- + Apply a bulk action to multiple anonymization fields. The bulk action is + applied to all anonymization fields that match the filter or to the list + of anonymization fields by their IDs. + operationId: PerformAnonymizationFieldsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of anonymization fields IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter anonymization fields + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to anonymization fields + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/anonymization_fields/_find: + get: + description: Get a list of all anonymization fields. + operationId: FindAnonymizationFields + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: AnonymizationFields per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse type: array page: - type: number + type: integer perPage: - type: number + type: integer total: - type: number + type: integer required: - - items - - total - page - perPage + - total + - data + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -27638,1457 +19962,69 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Get anonymization fields tags: - - Fleet outputs + - Security AI Assistant API + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: post: - description: Create output - operationId: post-fleet-outputs - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + description: Create a model response for the given chat conversation. + operationId: ChatComplete requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' + required: true responses: '200': + content: + application/octet-stream; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a model response + tags: + - Security AI Assistant API + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: + post: + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -29097,54 +20033,86 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Create a conversation tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - description: Delete output by ID - operationId: delete-fleet-outputs-outputid + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: + get: + description: Get a list of all conversations for the current user. + operationId: FindConversations parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: fields + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false schema: - example: 'true' type: string - - in: path - name: outputId - required: true + - description: Field to sort by + in: query + name: sort_field + required: false schema: - type: string + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Conversations per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - id: - type: string + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer required: - - id + - page + - perPage + - total + - data + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -29153,14 +20121,34 @@ paths: type: string statusCode: type: number - required: - - message - '404': + description: Generic Error + summary: Get conversations + tags: + - Security AI Assistant API + - Conversations API + '/api/security_ai_assistant/current_user/conversations/{id}': + delete: + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -29169,748 +20157,135 @@ paths: type: string statusCode: type: number - required: - - message - summary: '' + description: Generic Error + summary: Delete a conversation tags: - - Fleet outputs + - Security AI Assistant API + - Conversation API get: - description: Get output by ID - operationId: get-fleet-outputs-outputid + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The conversation's `id` value. + in: path + name: id + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation + tags: + - Security AI Assistant API + - Conversations API + put: + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id required: true schema: - type: string + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: type: object properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: error: @@ -29919,14 +20294,129 @@ paths: type: string statusCode: type: number + description: Generic Error + summary: Apply a bulk action to prompts + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: + get: + description: Get a list of all prompts. + operationId: FindPrompts + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer required: - - message - summary: '' + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts tags: - - Fleet outputs - put: - description: Update output by ID - operationId: put-fleet-outputs-outputid + - Security AI Assistant API + - Prompts API + /api/security/role: + get: + operationId: get-security-role + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query + name: replaceDeprecatedPrivileges + required: false + schema: + type: boolean + responses: + '200': + description: Indicates a successful call. + summary: Get all roles + tags: + - roles + '/api/security/role/{name}': + delete: + operationId: delete-security-role-name parameters: - description: The version of the API to use in: header @@ -29944,1491 +20434,338 @@ paths: example: 'true' type: string - in: path - name: outputId + name: name + required: true + schema: + minLength: 1 + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a role + tags: + - roles + get: + operationId: get-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The role name. + in: path + name: name + required: true + schema: + minLength: 1 + type: string + - description: >- + If `true` and the response contains any privileges that are + associated with deprecated features, they are omitted in favor of + details about the appropriate replacement feature privileges. + in: query + name: replaceDeprecatedPrivileges + required: false + schema: + type: boolean + responses: + '200': + description: Indicates a successful call. + summary: Get a role + tags: + - roles + put: + description: >- + Create a new Kibana role or update the attributes of an existing role. + Kibana roles are stored in the Elasticsearch native realm. + operationId: put-security-role-name + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The role name. + in: path + name: name required: true schema: + maxLength: 1024 + minLength: 1 type: string + - description: 'When true, a role is not overwritten if it already exists.' + in: query + name: createOnly + required: false + schema: + default: false + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - additionalProperties: false + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false type: object properties: - allow_edit: + cluster: items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. type: string type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: + indices: items: additionalProperties: false type: object properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + covers the restricted indices too. + type: boolean + field_security: + additionalProperties: + items: + description: >- + The document fields that the role members have + read access to. + type: string type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - topics: - items: - additionalProperties: false - type: object - properties: - topic: - type: string - when: - additionalProperties: false type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic - minItems: 1 - type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: + names: items: + description: >- + The data streams, indices, and aliases to which + the permissions in this entry apply. It supports + wildcards (*). type: string + minItems: 1 type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: + privileges: items: - format: uri + description: >- + The index level privileges that the role members + have for the data streams and indices. type: string minItems: 1 type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch + query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. type: string required: - - name - - type - - hosts - - additionalProperties: true + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false type: object properties: - allow_edit: + clusters: items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. type: string + minItems: 1 type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: + privileges: items: - format: uri + description: >- + The cluster level privileges for the remote + cluster. The allowed values are a subset of the + cluster privileges. type: string minItems: 1 type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be directly + accessed. Only internal system roles should + normally grant privileges over the restricted + indices. Toggling this flag is very strongly + discouraged because it could effectively grant + unrestricted operations on critical data, making + the entire system unstable or leaking sensitive + information. If for administrative purposes you + need to create a role with privileges covering + restricted indices, however, you can set this + property to true. In that case, the names field + will cover the restricted indices too. type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true + clusters: + items: + description: >- + A list of remote cluster aliases. It supports + literal strings as well as wildcards and regular + expressions. + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + description: >- + The document fields that the role members have + read access to. type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true + type: array type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: + names: items: + description: >- + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). type: string + minItems: 1 type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: + privileges: items: + description: >- + The index level privileges that role members + have for the specified indices. type: string minItems: 1 type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash + query: + description: >- + A search query that defines the documents the role + members have read access to. A document within the + specified data streams and indices must match this + query in order for it to be accessible by the role + members. type: string required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string + - clusters + - names + - privileges + type: array + run_as: + items: + description: A user name that the role member can impersonate. + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + description: >- + A base privilege that grants applies to all + spaces. + type: string type: array - hosts: - items: + - items: + description: >- + A base privilege that applies to specific + spaces. type: string - minItems: 1 type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: + feature: + additionalProperties: + items: + description: >- + The privileges that the role member has for the + feature. type: string - topics: - items: - additionalProperties: true - type: object - properties: - topic: - type: string - when: - additionalProperties: true - type: object - properties: - condition: - type: string - type: - enum: - - equals - - contains - - regexp - type: string - required: - - topic + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 minItems: 1 type: array - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: - get: - description: Get latest output health - operationId: get-fleet-outputs-outputid-health - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: outputId - required: true - schema: - type: string + - items: + description: A space that the privilege applies to. + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + '204': + description: Indicates a successful call. + summary: Create or update a role tags: - - Fleet outputs - /api/fleet/package_policies: - get: - description: List package policies - operationId: get-fleet-package-policies + - roles + /api/security/roles: + post: + operationId: post-security-roles parameters: - description: The version of the API to use in: header @@ -31438,502 +20775,375 @@ paths: enum: - '2023-10-31' type: string - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: format - required: false + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true schema: - enum: - - simplified - - legacy + example: 'true' type: string - - in: query - name: withAgentCount - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + roles: + additionalProperties: + additionalProperties: false + type: object + properties: + description: + description: A description for the role. + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + description: >- + Cluster privileges that define the cluster level + actions that users can perform. + type: string + type: array + indices: + items: + additionalProperties: false type: object properties: - cluster: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field covers the restricted + indices too. + type: boolean + field_security: + additionalProperties: + items: + description: >- + The document fields that the role + members have read access to. + type: string + type: array + type: object + names: items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: + The data streams, indices, and aliases to + which the permissions in this entry apply. + It supports wildcards (*). type: string - keep_enabled: - type: boolean - policy_template: + minItems: 1 + type: array + privileges: + items: + description: >- + The index level privileges that the role + members have for the data streams and + indices. type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role members. + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + description: >- + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value + minItems: 1 + type: array + privileges: + items: description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: + The cluster level privileges for the + remote cluster. The allowed values are a + subset of the cluster privileges. + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + description: >- + Restricted indices are a special category of + indices that are used internally to store + configuration data and should not be + directly accessed. Only internal system + roles should normally grant privileges over + the restricted indices. Toggling this flag + is very strongly discouraged because it + could effectively grant unrestricted + operations on critical data, making the + entire system unstable or leaking sensitive + information. If for administrative purposes + you need to create a role with privileges + covering restricted indices, however, you + can set this property to true. In that case, + the names field will cover the restricted + indices too. + type: boolean + clusters: + items: description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object + A list of remote cluster aliases. It + supports literal strings as well as + wildcards and regular expressions. + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + description: >- + The document fields that the role + members have read access to. + type: string + type: array + type: object + names: + items: description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true + A list of remote aliases, data streams, or + indices to which the permissions apply. It + supports wildcards (*). + type: string + minItems: 1 + type: array + privileges: + items: description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object + The index level privileges that role + members have for the specified indices. + type: string + minItems: 1 + type: array + query: + description: >- + A search query that defines the documents + the role members have read access to. A + document within the specified data streams + and indices must match this query in order + for it to be accessible by the role + members. + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: + A user name that the role member can + impersonate. + type: string + type: array + kibana: + items: additionalProperties: false type: object properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + description: >- + A base privilege that grants applies to + all spaces. type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: + type: array + - items: + description: >- + A base privilege that applies to specific + spaces. type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + type: array + feature: + additionalProperties: + items: + description: >- + The privileges that the role member has for + the feature. + type: string + type: array type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + description: A space that the privilege applies to. + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + type: object + required: + - roles + responses: + '200': + description: Indicates a successful call. + summary: Create or update roles + tags: + - roles + /api/spaces/_copy_saved_objects: + post: + description: >- + It also allows you to automatically copy related objects, so when you + copy a dashboard, this can automatically copy over the associated + visualizations, data views, and saved searches, as required. You can + request to overwrite any objects that already exist in the target space + if they share an identifier or you can use the resolve copy saved + objects conflicts API to do this on a per-object basis. + operationId: post-spaces-copy-saved-objects + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + description: >- + Apply various adjustments to the saved objects that are + being copied to maintain compatibility between different + Kibana versions. Use this option only if you encounter + issues with copied saved objects. This option cannot be used + with the `createNewCopies` option. + type: boolean + createNewCopies: + default: true + description: >- + Create new copies of saved objects, regenerate each object + identifier, and reset the origin. When used, potential + conflict errors are avoided. This option cannot be used + with the `overwrite` and `compatibilityMode` options. + type: boolean + includeReferences: + default: false + description: >- + When set to true, all saved objects related to the specified + saved objects will also be copied into the target spaces. + type: boolean + objects: + items: + additionalProperties: false + type: object + properties: + id: + description: The identifier of the saved object to copy. + type: string + type: + description: The type of the saved object to copy. + type: string + required: + - type + - id + type: array + overwrite: + default: false + description: >- + When set to true, all conflicts are automatically + overridden. When a saved object with a matching type and + identifier exists in the target space, that version is + replaced with the version from the source space. This option + cannot be used with the `createNewCopies` option. + type: boolean + spaces: + items: + description: >- + The identifiers of the spaces where you want to copy the + specified objects. type: string - statusCode: - type: number - required: - - message - summary: '' + type: array + required: + - spaces + - objects + responses: {} + summary: Copy saved objects between spaces tags: - - Fleet package policies + - spaces + /api/spaces/_disable_legacy_url_aliases: post: - description: Create package policy - operationId: post-fleet-package-policies + operationId: post-spaces-disable-legacy-url-aliases parameters: - description: The version of the API to use in: header @@ -31950,893 +21160,92 @@ paths: schema: example: 'true' type: string - - in: query - name: format - required: false + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + aliases: + items: + additionalProperties: false + type: object + properties: + sourceId: + description: >- + The alias source object identifier. This is the legacy + object identifier. + type: string + targetSpace: + description: The space where the alias target object exists. + type: string + targetType: + description: 'The type of alias target object. ' + type: string + required: + - targetSpace + - targetType + - sourceId + type: array + required: + - aliases + responses: {} + summary: Disable legacy URL aliases + tags: + - spaces + /api/spaces/_get_shareable_references: + post: + description: Collect references and space contexts for saved objects. + operationId: post-spaces-get-shareable-references + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version schema: + default: '2023-10-31' enum: - - simplified - - legacy + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - description: >- - Force package policy creation even if package is not - verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - description: >- - You should use inputs as an object and not use the deprecated - inputs array. - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: + additionalProperties: false + type: object + properties: + objects: + items: additionalProperties: false type: object properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean id: type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: + type: type: string required: - - name - - enabled - - inputs + - type - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + type: array + required: + - objects + responses: {} + summary: Get shareable references tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: + - spaces + /api/spaces/_resolve_copy_saved_objects_errors: post: - description: Bulk get package policies - operationId: post-fleet-package-policies-bulk-get + description: >- + Overwrite saved objects that are returned as errors from the copy saved + objects to space API. + operationId: post-spaces-resolve-copy-saved-objects-errors parameters: - description: The version of the API to use in: header @@ -32853,14 +21262,6 @@ paths: schema: example: 'true' type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -32868,468 +21269,78 @@ paths: additionalProperties: false type: object properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: + compatibilityMode: + default: false type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: + createNewCopies: + default: true + type: boolean + includeReferences: + default: false + type: boolean + objects: items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + retries: + additionalProperties: items: additionalProperties: false type: object properties: - agents: - type: number - created_at: - type: string - created_by: + createNewCopy: + description: >- + Creates new copies of the saved objects, regenerates + each object ID, and resets the origin. + type: boolean + destinationId: + description: >- + Specifies the destination identifier that the copied + object should have, if different from the current + identifier. type: string - description: - description: Package policy description + id: + description: The saved object identifier. type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: + ignoreMissingReferences: + description: >- + When set to true, any missing references errors are + ignored. type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: + overwrite: + default: false + description: >- + When set to true, the saved object from the source + space overwrites the conflicting object in the + destination space. + type: boolean + type: + description: The saved object type. type: string required: - - name - - enabled - - inputs + - type - id - - revision - - updated_at - - updated_by - - created_at - - created_by type: array - required: - - items - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - description: Delete package policy by ID - operationId: delete-fleet-package-policies-packagepolicyid + type: object + required: + - retries + - objects + responses: {} + summary: Resolve conflicts copying saved objects + tags: [] + /api/spaces/_update_objects_spaces: + post: + description: Update one or more saved objects to add or remove them from some spaces. + operationId: post-spaces-update-objects-spaces parameters: - description: The version of the API to use in: header @@ -33346,50 +21357,53 @@ paths: schema: example: 'true' type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + objects: + items: + additionalProperties: false + type: object + properties: + id: + description: The identifier of the saved object to update. + type: string + type: + description: The type of the saved object to update. + type: string + required: + - type + - id + type: array + spacesToAdd: + items: + description: >- + The identifiers of the spaces the saved objects should be + added to or removed from. type: string - message: + type: array + spacesToRemove: + items: + description: >- + The identifiers of the spaces the saved objects should be + added to or removed from. type: string - statusCode: - type: number - required: - - message - summary: '' + type: array + required: + - objects + - spacesToAdd + - spacesToRemove + responses: {} + summary: Update saved objects in spaces tags: - - Fleet package policies + - spaces + /api/spaces/space: get: - description: Get package policy by ID - operationId: get-fleet-package-policies-packagepolicyid + operationId: get-spaces-space parameters: - description: The version of the API to use in: header @@ -33399,1363 +21413,53 @@ paths: enum: - '2023-10-31' type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format + - description: >- + Specifies which authorization checks are applied to the API call. + The default value is `any`. + in: query + name: purpose required: false schema: enum: - - simplified - - legacy + - any + - copySavedObjectsIntoSpace + - shareSavedObjectsIntoSpace type: string + - description: >- + When enabled, the API returns any spaces that the user is authorized + to access in any capacity and each space will contain the purposes + for which the user is authorized. This can be useful to determine + which spaces a user can read but not take a specific action in. If + the security plugin is not enabled, this parameter has no effect, + since no authorization checks take place. This parameter cannot be + used in with the `purpose` parameter. + in: query + name: include_authorized_purposes + required: true + schema: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - false + type: boolean + x-oas-optional: true + - type: boolean + x-oas-optional: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' + description: Indicates a successful call. + summary: Get all spaces tags: - - Fleet package policies - put: - description: Update package policy by ID - operationId: put-fleet-package-policies-packagepolicyid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation for more - information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default to - true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Input streams (see integration documentation to - know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) - type: object - name: - type: string - namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - required: - - name - - package - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default to - true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration documentation - to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will be - added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy will be - added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration documentation - for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - description: Bulk delete package policies - operationId: post-fleet-package-policies-delete + - spaces + post: + operationId: post-spaces-space parameters: - description: The version of the API to use in: header @@ -34779,120 +21483,127 @@ paths: additionalProperties: false type: object properties: - force: + _reserved: type: boolean - packagePolicyIds: + color: + description: >- + The hexadecimal color code used in the space avatar. By + default, the color is automatically generated from the space + name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] items: + description: The list of features that are turned off in the space. type: string type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package - type: array - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + id: + description: >- + The space ID that is part of the Kibana URL when inside the + space. Space IDs are limited to lowercase alphanumeric, + underscore, and hyphen characters (a-z, 0-9, _, and -). You + are cannot change the ID with the update operation. + type: string + imageUrl: + description: >- + The data-URL encoded image to display in the space avatar. + If specified, initials will not be displayed and the color + will be visible as the background color for transparent + images. For best results, your image should be 64x64. Images + will not be optimized by this API call, so care should be + taken when using custom images. + type: string + initials: + description: >- + One or two characters that are shown in the space avatar. By + default, the initials are automatically generated from the + space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + responses: + '200': + description: Indicates a successful call. + summary: Create a space tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - description: Upgrade package policy to a newer package version - operationId: post-fleet-package-policies-upgrade + - spaces + '/api/spaces/space/{id}': + delete: + description: >- + When you delete a space, all saved objects that belong to the space are + automatically deleted, which is permanent and cannot be undone. + operationId: delete-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: The space identifier. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + '404': + description: Indicates that the request failed. + summary: Delete a space + tags: + - spaces + get: + operationId: get-spaces-space-id + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: The space identifier. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + description: Indicates a successful call. + summary: Get a space + tags: + - spaces + put: + operationId: put-spaces-space-id parameters: - description: The version of the API to use in: header @@ -34909,6 +21620,14 @@ paths: schema: example: 'true' type: string + - description: >- + The space identifier. You are unable to change the ID with the + update operation. + in: path + name: id + required: true + schema: + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -34916,7878 +21635,1270 @@ paths: additionalProperties: false type: object properties: - packagePolicyIds: + _reserved: + type: boolean + color: + description: >- + The hexadecimal color code used in the space avatar. By + default, the color is automatically generated from the space + name. + type: string + description: + description: A description for the space. + type: string + disabledFeatures: + default: [] items: + description: The list of features that are turned off in the space. type: string type: array + id: + description: >- + The space ID that is part of the Kibana URL when inside the + space. Space IDs are limited to lowercase alphanumeric, + underscore, and hyphen characters (a-z, 0-9, _, and -). You + are cannot change the ID with the update operation. + type: string + imageUrl: + description: >- + The data-URL encoded image to display in the space avatar. + If specified, initials will not be displayed and the color + will be visible as the background color for transparent + images. For best results, your image should be 64x64. Images + will not be optimized by this API call, so care should be + taken when using custom images. + type: string + initials: + description: >- + One or two characters that are shown in the space avatar. By + default, the initials are automatically generated from the + space name. + maxLength: 2 + type: string + name: + description: 'The display name for the space. ' + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string required: - - packagePolicyIds + - id + - name + responses: + '200': + description: Indicates a successful call. + summary: Update a space + tags: + - spaces + /api/status: + get: + operationId: get-status + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success - type: array - '400': + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /api/timeline: + delete: + operationId: DeleteTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + savedObjectIds: + items: type: string - message: + type: array + searchIds: + description: >- + Saved search ids that should be deleted alongside the + timelines + items: type: string - statusCode: - type: number + type: array + required: + - savedObjectIds + description: The ids of the timelines or timeline templates to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + deleteTimeline: + type: boolean + required: + - deleteTimeline required: - - message - summary: '' + - data + description: Indicates the timeline was successfully deleted. + summary: Deletes one or more timelines or timeline templates. tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - description: Dry run package policy upgrade - operationId: post-fleet-package-policies-upgrade-dryrun + - Security Timeline API + - 'access:securitySolution' + get: + operationId: GetTimeline parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The ID of the template timeline to retrieve + in: query + name: template_timeline_id schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - description: The ID of the timeline to retrieve + in: query + name: id schema: - example: 'true' type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + type: object + properties: + getOneTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + required: + - getOneTimeline + required: + - data + - additionalProperties: false + type: object + description: Indicates that the (template) timeline was found and returned. + summary: >- + Get an existing saved timeline or timeline template. This API is used to + retrieve an existing saved timeline or timeline template. + tags: + - Security Timeline API + - 'access:securitySolution' + patch: + description: >- + Updates an existing timeline. This API is used to update the title, + description, date range, pinned events, pinned queries, and/or pinned + saved queries of an existing timeline. + operationId: PatchTimeline requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - packagePolicyIds: - items: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - timelineId + - version + - timeline + description: The timeline updates along with the timeline ID and version. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft timeline was successfully created. In the + event the user already has a draft timeline, the existing draft + timeline is cleared and returned. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: type: string - type: array - packageVersion: + statusCode: + type: number + description: >- + Indicates that the user does not have the required access to create + a draft timeline. + summary: Updates an existing timeline. + tags: + - Security Timeline API + - 'access:securitySolution' + post: + operationId: CreateTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true type: string required: - - packagePolicyIds + - timeline + description: >- + The required timeline fields used to create a new timeline along with + optional fields that will be created if not provided. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - type: array - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that input, (default - to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: >- - enable or disable that stream, (default - to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are - available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - type - - enabled - - streams - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - type: array - name: - description: Package policy name (should be unique) - type: string - namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: >- - Agent policy ID where that package policy will - be added - nullable: true - type: string - policy_ids: - items: - description: >- - Agent policy IDs where that package policy - will be added - type: string - type: array - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: >- - Package variable (see integration - documentation for more information) - type: object - required: - - name - - enabled - - inputs - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors - type: array - '400': + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates the timeline was successfully created. + '405': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + body: type: string statusCode: type: number - required: - - message - summary: '' + description: Indicates that there was an error in the timeline creation. + summary: Creates a new timeline. tags: - - Fleet package policies - /api/fleet/proxies: + - Security Timeline API + - 'access:securitySolution' + /api/timeline/_copy: get: - description: List proxies - operationId: get-fleet-proxies + description: | + Copies and returns a timeline or timeline template. + operationId: CopyTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the timeline has been successfully copied. + summary: Copies timeline or timeline template + tags: + - Security Timeline API + - 'access:securitySolution' + /api/timeline/_draft: + get: + operationId: GetDraftTimelines parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: timelineType + required: true schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the draft timeline was successfully retrieved. + '403': + content: + 'application:json; Elastic-Api-Version=2023-10-31': + schema: type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - type: array - page: - type: number - perPage: - type: number - total: + message: + type: string + status_code: type: number - required: - - items - - total - - page - - perPage - '400': + description: >- + If a draft timeline was not found and we attempted to create one, it + indicates that the user does not have the required permissions to + create a draft timeline. + '409': content: - application/json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string message: type: string - statusCode: + status_code: type: number - required: - - message - summary: '' + description: >- + This should never happen, but if a draft timeline was not found and + we attempted to create one, it indicates that there is already a + draft timeline with the given timelineId. + summary: >- + Retrieves the draft timeline for the current user. If the user does not + have a draft timeline, an empty timeline is returned. tags: - - Fleet proxies + - Security Timeline API + - 'access:securitySolution' post: - description: Create proxy - operationId: post-fleet-proxies - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + description: > + Retrieves a clean draft timeline. If a draft timeline does not exist, it + is created and returned. + operationId: CleanDraftTimelines requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' required: - - url - - name + - timelineType + description: >- + The type of timeline to create. Valid values are `default` and + `template`. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft timeline was successfully created. In the + event the user already has a draft timeline, the existing draft + timeline is cleared and returned. + '403': + content: + 'application:json; Elastic-Api-Version=2023-10-31': + schema: type: object properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': + message: + type: string + status_code: + type: number + description: >- + Indicates that the user does not have the required permissions to + create a draft timeline. + '409': content: - application/json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string message: type: string - statusCode: + status_code: type: number - required: - - message - summary: '' + description: >- + Indicates that there is already a draft timeline with the given + timelineId. + summary: Retrieves a draft timeline or timeline template. tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: - delete: - description: Delete proxy by ID - operationId: delete-fleet-proxies-itemid + - Security Timeline API + - 'access:securitySolution' + /api/timeline/_export: + post: + operationId: ExportTimelines parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId + - description: The name of the file to export + in: query + name: file_name required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + description: The ids of the timelines to export + required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id + description: NDJSON of the exported timelines + type: string + description: Indicates the timelines were successfully exported '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + body: type: string statusCode: type: number - required: - - message - summary: '' + description: Indicates that the export size limit was exceeded + summary: Exports timelines as an NDJSON file tags: - - Fleet proxies - get: - description: Get proxy by ID - operationId: get-fleet-proxies-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: itemId - required: true - schema: - type: string + - Security Timeline API + - 'access:securitySolution' + /api/timeline/_favorite: + patch: + operationId: PersistFavoriteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + description: The required fields used to favorite a (template) timeline. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - item: - additionalProperties: false + data: type: object properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string + persistFavorite: + $ref: >- + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse required: - - id - - url - - name + - persistFavorite required: - - item - '400': + - data + description: Indicates the favorite status was successfully updated. + '403': content: - application/json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + body: type: string statusCode: type: number - required: - - message - summary: '' + description: >- + Indicates the user does not have the required permissions to persist + the favorite status. + summary: Persists a given users favorite status of a timeline. tags: - - Fleet proxies - put: - description: Update proxy by ID - operationId: put-fleet-proxies-itemid - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string + - Security Timeline API + - 'access:securitySolution' + /api/timeline/_import: + post: + operationId: ImportTimelines requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: + file: {} + isImmutable: + enum: + - 'true' + - 'false' type: string required: - - proxy_headers - - certificate_authorities - - certificate - - certificate_key + - file + description: The timelines to import as a readable stream. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the import of timelines was successful. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: + body: type: string - message: + id: type: string statusCode: type: number - required: - - message - summary: '' - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - description: Create a service token - operationId: post-fleet-service-tokens - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - nullable: true - type: object - properties: - remote: - default: false - type: boolean - responses: - '200': + description: >- + Indicates the import of timelines was unsuccessful because of an + invalid file extension. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - name: - type: string - value: + id: type: string - required: - - name - - value - '400': + statusCode: + type: number + description: >- + Indicates that we were unable to locate the saved object client + necessary to handle the import. + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error type: object properties: - error: + body: type: string - message: + id: type: string statusCode: type: number - required: - - message - summary: '' + description: Indicates the import of timelines was unsuccessful. + summary: Imports timelines. tags: - - Fleet service tokens - /api/fleet/service-tokens: + - Security Timeline API + - 'access:securitySolution' + /api/timeline/_prepackaged: post: - description: Create a service token - operationId: post-fleet-service-tokens-2 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: {} - summary: '' - tags: [] - /api/fleet/settings: - get: - description: Get settings - operationId: get-fleet-settings - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + operationId: InstallPrepackedTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + prepackagedTimelines: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + description: The timelines to install or update. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the installation of prepackaged timelines was successful. + '500': content: - application/json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + body: type: string statusCode: type: number - required: - - message - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' + description: >- + Indicates the installation of prepackaged timelines was + unsuccessful. + summary: Installs prepackaged timelines. tags: - - Fleet internals - put: - description: Update settings - operationId: put-fleet-settings + - Security Timeline API + - 'access:securitySolution' + /api/timeline/resolve: + get: + operationId: ResolveTimeline parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: The ID of the template timeline to resolve + in: query + name: template_timeline_id schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - description: The ID of the timeline to resolve + in: query + name: id schema: - example: 'true' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - format: uri - type: string - type: array - has_seen_add_data_notice: - type: boolean - kibana_ca_sha256: - type: string - kibana_urls: - items: - format: uri - type: string - type: array - prerelease_integrations_enabled: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object + oneOf: + - type: object properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - fleet_server_hosts: - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string + data: + $ref: >- + #/components/schemas/Security_Timeline_API_ResolvedTimeline required: - - id - required: - - item + - data + - additionalProperties: false + type: object + description: The (template) timeline has been found '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message + description: The request is missing parameters '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: '' + description: The (template) timeline was not found + summary: Get an existing saved timeline or timeline template. tags: - - Fleet internals - /api/fleet/setup: - post: - description: Initiate Fleet setup - operationId: post-fleet-setup + - Security Timeline API + - 'access:securitySolution' + /api/timelines: + get: + operationId: GetTimelines parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - description: >- + If true, only timelines that are marked as favorites by the user are + returned. + in: query + name: only_user_favorite schema: - default: '2023-10-31' enum: - - '2023-10-31' + - 'true' + - 'false' + nullable: true type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - in: query + name: timeline_type schema: - example: 'true' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + - in: query + name: sort_field + schema: + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' + - in: query + name: sort_order + schema: + enum: + - asc + - desc + type: string + - in: query + name: page_size + schema: + nullable: true + type: string + - in: query + name: page_index + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true type: string + - in: query + name: status + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. type: object properties: - isInitialized: - type: boolean - nonFatalErrors: + customTemplateTimelineCount: + type: number + defaultTimelineCount: + type: number + elasticTemplateTimelineCount: + type: number + favoriteCount: + type: number + templateTimelineCount: + type: number + timeline: items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse type: array + totalCount: + type: number required: - - isInitialized - - nonFatalErrors + - timeline + - totalCount + description: Indicates that the (template) timelines were found and returned. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + 'application:json; Elastic-Api-Version=2023-10-31': schema: - additionalProperties: false - description: Generic Error type: object properties: - error: - type: string - message: + body: type: string statusCode: type: number - required: - - message - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message - summary: '' + description: Bad request. The user supplied invalid data. + summary: >- + This API is used to retrieve a list of existing saved timelines or + timeline templates. tags: - - Fleet internals - /api/fleet/uninstall_tokens: + - Security Timeline API + - 'access:securitySolution' + '/s/{spaceId}/api/observability/slos': get: - description: List metadata for latest uninstall tokens per agent policy - operationId: get-fleet-uninstall-tokens + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: Partial match filtering for policy IDs + - description: 'The page to use for pagination, must be greater or equal than 1' + example: 1 in: query - name: policyId - required: false + name: page schema: - maxLength: 50 - type: string - - in: query - name: search - required: false + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy schema: - maxLength: 50 + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining type: string - - description: The number of items to return + - description: Sort order + example: asc in: query - name: perPage - required: false + name: sortDirection schema: - minimum: 5 - type: number - - in: query - name: page - required: false + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale schema: - minimum: 1 - type: number + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: - get: - description: Get one decrypted uninstall token by its ID - operationId: get-fleet-uninstall-tokens-uninstalltokenid + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: uninstallTokenId - required: true - schema: - type: string + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: '' + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + summary: Create an SLO tags: - - Fleet uninstall tokens - /api/lists: - delete: - description: | - Delete a list using the list ID. - > info - > When you delete a list, all of its list items are also deleted. - operationId: DeleteList + - slo + '/s/{spaceId}/api/observability/slos/_delete_instances': + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp parameters: - - description: List's `id` value - in: query - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query - name: deleteReferences - required: false - schema: - default: false - type: boolean - - in: query - name: ignoreReferences - required: false - schema: - default: false - type: boolean + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true responses: - '200': + '204': + description: Successful request + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + summary: Batch delete rollup and summary data + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}': + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO tags: - - Security Lists API + - slo get: - description: Get the details of a list using the list ID. - operationId: ReadList + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp parameters: - - description: List's `id` value + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde in: query - name: id - required: true + name: instanceId schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list details + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO tags: - - Security Lists API - patch: - description: Update specific fields of an existing list using the list ID. - operationId: PatchList + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - description: List's properties + $ref: '#/components/schemas/SLOs_update_slo_request' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO tags: - - Security Lists API + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': post: - description: Create a new list. - operationId: CreateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - deserializer: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - serializer: - type: string - type: - $ref: '#/components/schemas/Security_Lists_API_ListType' - version: - default: 1 - minimum: 1 - type: integer - required: - - name - - description - - type - description: List's properties - required: true + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': + '204': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO tags: - - Security Lists API - put: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/disable': + post: description: > - Update a list using the list ID. The original list is replaced, and all - unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - description: - $ref: '#/components/schemas/Security_Lists_API_ListDescription' - id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListMetadata' - name: - $ref: '#/components/schemas/Security_Lists_API_ListName' - version: - minimum: 1 - type: integer - required: - - id - - name - - description - description: List's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list - tags: - - Security Lists API - /api/lists/_find: - get: - description: >- - Get a paginated subset of lists. By default, the first page is returned, - with 20 results per page. - operationId: FindLists + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp parameters: - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of lists to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - data: - items: - $ref: '#/components/schemas/Security_Lists_API_List' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get lists - tags: - - Security Lists API - /api/lists/index: - delete: - description: Delete the `.lists` and `.items` data streams. - operationId: DeleteListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete list data streams - tags: - - Security Lists API - get: - description: Verify that `.lists` and `.items` data streams exist. - operationId: ReadListIndex + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - list_index: - type: boolean - list_item_index: - type: boolean - required: - - list_index - - list_item_index - description: Successful response + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream(s) not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get status of list data streams + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO tags: - - Security Lists API + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/enable': post: - description: Create `.lists` and `.items` data streams in the relevant space. - operationId: CreateListIndex - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - required: - - acknowledged - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List data stream exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create list data streams - tags: - - Security Lists API - /api/lists/items: - delete: - description: Delete a list item using its `id`, or its `list_id` and `value` fields. - operationId: DeleteListItem - parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - default: 'false' - enum: - - 'true' - - 'false' - - wait_for - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Delete a list item - tags: - - Security Lists API - get: - description: Get the details of a list item. - operationId: ReadListItem + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp parameters: - - description: Required if `list_id` and `value` are not specified - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified - in: query - name: value - required: false - schema: - type: string + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Lists_API_ListItem' - - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - description: Successful response + '204': + description: Successful request '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get a list item - tags: - - Security Lists API - patch: - description: Update specific fields of an existing list item using the list item ID. - operationId: PatchListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Patch a list item - tags: - - Security Lists API - post: - description: > - Create a list item and associate it with the specified list. - - - All list items in the same list must be the same type. For example, each - list item in an `ip` list must define a specific IP address. - - > info - - > Before creating a list item, you must create a list. - operationId: CreateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - list_id: - $ref: '#/components/schemas/Security_Lists_API_ListId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - refresh: - description: >- - Determines when changes made by the request are made visible - to search - enum: - - 'true' - - 'false' - - wait_for - type: string - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - list_id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Create a list item - tags: - - Security Lists API - put: - description: > - Update a list item using the list item ID. The original list item is - replaced, and all unspecified fields are deleted. - - > info - - > You cannot modify the `id` value. - operationId: UpdateListItem - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - _version: - type: string - id: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - meta: - $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' - value: - $ref: '#/components/schemas/Security_Lists_API_ListItemValue' - required: - - id - - value - description: List item's properties - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List item not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Update a list item - tags: - - Security Lists API - /api/lists/items/_export: - post: - description: Export list item values from the specified list. - operationId: ExportListItems - parameters: - - description: List's id to export - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: A `.txt` file containing list items from the specified list - format: binary - type: string - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Export list items - tags: - - Security Lists API - /api/lists/items/_find: - get: - description: Get all list items in the specified list. - operationId: FindListItems - parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return - in: query - name: page - required: false - schema: - type: integer - - description: The number of list items to return per page - in: query - name: per_page - required: false - schema: - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. - in: query - name: cursor - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - - using the : syntax. - in: query - name: filter - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor - data: - items: - $ref: '#/components/schemas/Security_Lists_API_ListItem' - type: array - page: - minimum: 0 - type: integer - per_page: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - - cursor - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list items - tags: - - Security Lists API - /api/lists/items/_import: - post: - description: > - Import list items from a TXT or CSV file. The maximum file size is 9 - million bytes. - - - You can import items to a new or existing list. - operationId: ImportListItems - parameters: - - description: | - List's id. - - Required when importing to an existing list. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > - Type of the importing list. - - - Required when importing a new list that is `list_id` is not - specified. - in: query - name: type - required: false - schema: - $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query - name: serializer - required: false - schema: - type: string - - in: query - name: deserializer - required: false - schema: - type: string - - description: >- - Determines when changes made by the request are made visible to - search - in: query - name: refresh - required: false - schema: - enum: - - 'true' - - 'false' - - wait_for - type: string - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items - format: binary - type: string - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_List' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: List with specified list_id does not exist response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Import list items - tags: - - Security Lists API - /api/lists/privileges: - get: - operationId: ReadListPrivileges - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - is_authenticated: - type: boolean - listItems: - $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' - lists: - $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' - required: - - lists - - listItems - - is_authenticated - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse - - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' - description: Internal server error response - summary: Get list privileges - tags: - - Security Lists API - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space - tags: - - ml - /api/note: - delete: - description: Delete a note from a Timeline using the note ID. - operationId: DeleteNote - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - nullable: true - type: object - properties: - noteId: - type: string - required: - - noteId - - nullable: true - type: object - properties: - noteIds: - items: - type: string - nullable: true - type: array - required: - - noteIds - description: The ID of the note to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - description: Indicates the note was successfully deleted. - summary: Delete a note - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get all notes for a given document. - operationId: GetNotes - parameters: - - in: query - name: documentIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - - in: query - name: savedObjectIds - schema: - $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' - - in: query - name: page - schema: - nullable: true - type: string - - in: query - name: perPage - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: sortField - schema: - nullable: true - type: string - - in: query - name: sortOrder - schema: - nullable: true - type: string - - in: query - name: filter - schema: - nullable: true - type: string - - in: query - name: createdByFilter - schema: - nullable: true - type: string - - in: query - name: associatedFilter - schema: - $ref: '#/components/schemas/Security_Timeline_API_AssociatedFilterType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object - description: Indicates the requested notes were returned. - summary: Get notes - tags: - - Security Timeline API - - access:securitySolution - patch: - description: Add a note to a Timeline or update an existing note. - operationId: PersistNoteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventDataView: - nullable: true - type: string - eventIngested: - nullable: true - type: string - eventTimestamp: - nullable: true - type: string - note: - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - noteId: - nullable: true - type: string - overrideOwner: - nullable: true - type: boolean - version: - nullable: true - type: string - required: - - note - description: The note to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote - required: - - persistNote - required: - - data - description: Indicates the note was successfully created. - summary: Add or update a note - tags: - - Security Timeline API - - access:securitySolution - /api/osquery/live_queries: - get: - description: Get a list of all live queries. - operationId: OsqueryFindLiveQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live queries - tags: - - Security Osquery API - post: - description: Create and run a live query. - operationId: OsqueryCreateLiveQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a live query - tags: - - Security Osquery API - /api/osquery/live_queries/{id}: - get: - description: Get the details of a live query using the query ID. - operationId: OsqueryGetLiveQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - schema: - additionalProperties: true - type: object - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query details - tags: - - Security Osquery API - /api/osquery/live_queries/{id}/results/{actionId}: - get: - description: Get the results of a live query using the query action ID. - operationId: OsqueryGetLiveQueryResults - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: path - name: actionId - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_Id' - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get live query results - tags: - - Security Osquery API - /api/osquery/packs: - get: - description: Get a list of all query packs. - operationId: OsqueryFindPacks - parameters: - - in: query - name: query - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get packs - tags: - - Security Osquery API - post: - description: Create a query pack. - operationId: OsqueryCreatePacks - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a pack - tags: - - Security Osquery API - /api/osquery/packs/{id}: - delete: - description: Delete a query pack using the pack ID. - operationId: OsqueryDeletePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a pack - tags: - - Security Osquery API - get: - description: Get the details of a query pack using the pack ID. - operationId: OsqueryGetPacksDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get pack details - tags: - - Security Osquery API - put: - description: | - Update a query pack using the pack ID. - > info - > You cannot update a prebuilt pack. - operationId: OsqueryUpdatePacks - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_PackId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a pack - tags: - - Security Osquery API - /api/osquery/saved_queries: - get: - description: Get a list of all saved queries. - operationId: OsqueryFindSavedQueries - parameters: - - in: query - name: query - required: true - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved queries - tags: - - Security Osquery API - post: - description: Create and run a saved query. - operationId: OsqueryCreateSavedQuery - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Create a saved query - tags: - - Security Osquery API - /api/osquery/saved_queries/{id}: - delete: - description: Delete a saved query using the query ID. - operationId: OsqueryDeleteSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Delete a saved query - tags: - - Security Osquery API - get: - description: Get the details of a saved query using the query ID. - operationId: OsqueryGetSavedQueryDetails - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Get saved query details - tags: - - Security Osquery API - put: - description: | - Update a saved query using the query ID. - > info - > You cannot update a prebuilt saved query. - operationId: OsqueryUpdateSavedQuery - parameters: - - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse - description: OK - summary: Update a saved query - tags: - - Security Osquery API - /api/pinned_event: - patch: - description: Pin an event to an existing Timeline. - operationId: PersistPinnedEventRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - eventId: - type: string - pinnedEventId: - nullable: true - type: string - timelineId: - type: string - required: - - eventId - - timelineId - description: The pinned event to add or update, along with additional metadata. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse - required: - - persistPinnedEventOnTimeline - required: - - data - description: Indicates the event was successfully pinned to the Timeline. - summary: Pin an event - tags: - - Security Timeline API - - access:securitySolution - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API - /api/risk_score/engine/schedule_now: - post: - description: >- - Schedule the risk scoring engine to run as soon as possible. You can use - this to recalculate entity risk scores after updating their asset - criticality. - operationId: ScheduleRiskEngineNow - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: {} - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse - description: Task manager is unavailable - default: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse - description: Unexpected error - summary: Run the risk scoring engine - tags: - - Security Entity Analytics API - /api/saved_objects/_bulk_create: - post: - deprecated: true - operationId: bulkCreateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: When true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects - tags: - - saved objects - /api/saved_objects/_bulk_get: - post: - deprecated: true - operationId: bulkGetSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects - tags: - - saved objects - /api/saved_objects/_bulk_resolve: - post: - deprecated: true - description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects - tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects - tags: - - saved objects - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' - schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true - responses: - '200': - content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' - schema: - additionalProperties: true - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Export saved objects - tags: - - saved objects - /api/saved_objects/_find: - get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects - parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. - in: query - name: fields - schema: - oneOf: - - type: string - - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. - in: query - name: has_reference - schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator - schema: - type: string - - description: The page of objects to return. - in: query - name: page - schema: - type: integer - - description: The number of objects to return per page. - in: query - name: per_page - schema: - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - in: query - name: sort_field - schema: - type: string - - description: The saved object types to include. - in: query - name: type - required: true - schema: - oneOf: - - type: string - - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' - schema: - type: object - properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/saved_objects/_resolve_import_errors: - post: - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. - in: query - name: createNewCopies - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request - schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: - type: object - properties: - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string - id: - description: The saved object ID. - type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array - type: - description: The saved object type. - type: string - required: - - type - - id - type: array - required: - - retries - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response - schema: - type: object - properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve import errors - tags: - - saved objects - /api/saved_objects/{type}: - post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: If true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - /api/saved_objects/{type}/{id}: - get: - deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object - tags: - - saved objects - post: - deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - operationId: createSavedObjectId - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: If true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object - tags: - - saved objects - put: - deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Update a saved object - tags: - - saved objects - /api/saved_objects/resolve/{type}/{id}: - get: - deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve a saved object - tags: - - saved objects - /api/security_ai_assistant/anonymization_fields/_bulk_action: - post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. - operationId: PerformAnonymizationFieldsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of anonymization fields IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter anonymization fields - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to anonymization fields - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/anonymization_fields/_find: - get: - description: Get a list of all anonymization fields. - operationId: FindAnonymizationFields - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: AnonymizationFields per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get anonymization fields - tags: - - Security AI Assistant API - - AnonymizationFields API - /api/security_ai_assistant/chat/complete: - post: - description: Create a model response for the given chat conversation. - operationId: ChatComplete - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' - required: true - responses: - '200': - content: - application/octet-stream; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a model response - tags: - - Security AI Assistant API - - Chat Complete API - /api/security_ai_assistant/current_user/conversations: - post: - description: Create a new Security AI Assistant conversation. - operationId: CreateConversation - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Create a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/current_user/conversations/_find: - get: - description: Get a list of all conversations for the current user. - operationId: FindConversations - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Conversations per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get conversations - tags: - - Security AI Assistant API - - Conversations API - /api/security_ai_assistant/current_user/conversations/{id}: - delete: - description: Delete an existing conversation using the conversation ID. - operationId: DeleteConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Delete a conversation - tags: - - Security AI Assistant API - - Conversation API - get: - description: Get the details of an existing conversation using the conversation ID. - operationId: ReadConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get a conversation - tags: - - Security AI Assistant API - - Conversations API - put: - description: Update an existing conversation using the conversation ID. - operationId: UpdateConversation - parameters: - - description: The conversation's `id` value. - in: path - name: id - required: true - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Update a conversation - tags: - - Security AI Assistant API - - Conversation API - /api/security_ai_assistant/prompts/_bulk_action: - post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. - operationId: PerformPromptsBulkAction - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - create: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps - type: array - delete: - type: object - properties: - ids: - description: Array of prompts IDs - items: - type: string - minItems: 1 - type: array - query: - description: Query to filter promps - type: string - update: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Apply a bulk action to prompts - tags: - - Security AI Assistant API - - Bulk API - /api/security_ai_assistant/prompts/_find: - get: - description: Get a list of all prompts. - operationId: FindPrompts - parameters: - - in: query - name: fields - required: false - schema: - items: - type: string - type: array - - description: Search query - in: query - name: filter - required: false - schema: - type: string - - description: Field to sort by - in: query - name: sort_field - required: false - schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField - - description: Sort order - in: query - name: sort_order - required: false - schema: - $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' - - description: Page number - in: query - name: page - required: false - schema: - default: 1 - minimum: 1 - type: integer - - description: Prompts per page - in: query - name: per_page - required: false - schema: - default: 20 - minimum: 0 - type: integer - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - required: - - page - - perPage - - total - - data - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - summary: Get prompts - tags: - - Security AI Assistant API - - Prompts API - /api/security/role: - get: - operationId: get-security-role - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: - '200': - description: Indicates a successful call. - summary: Get all roles - tags: - - roles - /api/security/role/{name}: - delete: - operationId: delete-security-role-name - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a role - tags: - - roles - get: - operationId: get-security-role-name - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The role name. - in: path - name: name - required: true - schema: - minLength: 1 - type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. - in: query - name: replaceDeprecatedPrivileges - required: false - schema: - type: boolean - responses: - '200': - description: Indicates a successful call. - summary: Get a role - tags: - - roles - put: - description: >- - Create a new Kibana role or update the attributes of an existing role. - Kibana roles are stored in the Elasticsearch native realm. - operationId: put-security-role-name - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The role name. - in: path - name: name - required: true - schema: - maxLength: 1024 - minLength: 1 - type: string - - description: When true, a role is not overwritten if it already exists. - in: query - name: createOnly - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - covers the restricted indices too. - type: boolean - field_security: - additionalProperties: - items: - description: >- - The document fields that the role members have - read access to. - type: string - type: array - type: object - names: - items: - description: >- - The data streams, indices, and aliases to which - the permissions in this entry apply. It supports - wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that the role members - have for the data streams and indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The cluster level privileges for the remote - cluster. The allowed values are a subset of the - cluster privileges. - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - will cover the restricted indices too. - type: boolean - clusters: - items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: >- - The document fields that the role members have - read access to. - type: string - type: array - type: object - names: - items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that role members - have for the specified indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - description: A user name that the role member can impersonate. - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: >- - A base privilege that grants applies to all - spaces. - type: string - type: array - - items: - description: >- - A base privilege that applies to specific - spaces. - type: string - type: array - feature: - additionalProperties: - items: - description: >- - The privileges that the role member has for the - feature. - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - responses: - '204': - description: Indicates a successful call. - summary: Create or update a role - tags: - - roles - /api/security/roles: - post: - operationId: post-security-roles - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - description: A description for the role. - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field covers the restricted - indices too. - type: boolean - field_security: - additionalProperties: - items: - description: >- - The document fields that the role - members have read access to. - type: string - type: array - type: object - names: - items: - description: >- - The data streams, indices, and aliases to - which the permissions in this entry apply. - It supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that the role - members have for the data streams and - indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role members. - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The cluster level privileges for the - remote cluster. The allowed values are a - subset of the cluster privileges. - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field will cover the restricted - indices too. - type: boolean - clusters: - items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - description: >- - The document fields that the role - members have read access to. - type: string - type: array - type: object - names: - items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). - type: string - minItems: 1 - type: array - privileges: - items: - description: >- - The index level privileges that role - members have for the specified indices. - type: string - minItems: 1 - type: array - query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role - members. - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - description: >- - A user name that the role member can - impersonate. - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - description: >- - A base privilege that grants applies to - all spaces. - type: string - type: array - - items: - description: >- - A base privilege that applies to specific - spaces. - type: string - type: array - feature: - additionalProperties: - items: - description: >- - The privileges that the role member has for - the feature. - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - description: A space that the privilege applies to. - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object - required: - - roles - responses: - '200': - description: Indicates a successful call. - summary: Create or update roles - tags: - - roles - /api/spaces/_copy_saved_objects: - post: - description: >- - It also allows you to automatically copy related objects, so when you - copy a dashboard, this can automatically copy over the associated - visualizations, data views, and saved searches, as required. You can - request to overwrite any objects that already exist in the target space - if they share an identifier or you can use the resolve copy saved - objects conflicts API to do this on a per-object basis. - operationId: post-spaces-copy-saved-objects - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - description: >- - Apply various adjustments to the saved objects that are - being copied to maintain compatibility between different - Kibana versions. Use this option only if you encounter - issues with copied saved objects. This option cannot be used - with the `createNewCopies` option. - type: boolean - createNewCopies: - default: true - description: >- - Create new copies of saved objects, regenerate each object - identifier, and reset the origin. When used, potential - conflict errors are avoided. This option cannot be used - with the `overwrite` and `compatibilityMode` options. - type: boolean - includeReferences: - default: false - description: >- - When set to true, all saved objects related to the specified - saved objects will also be copied into the target spaces. - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to copy. - type: string - type: - description: The type of the saved object to copy. - type: string - required: - - type - - id - type: array - overwrite: - default: false - description: >- - When set to true, all conflicts are automatically - overridden. When a saved object with a matching type and - identifier exists in the target space, that version is - replaced with the version from the source space. This option - cannot be used with the `createNewCopies` option. - type: boolean - spaces: - items: - description: >- - The identifiers of the spaces where you want to copy the - specified objects. - type: string - type: array - required: - - spaces - - objects - responses: {} - summary: Copy saved objects between spaces - tags: - - spaces - /api/spaces/_disable_legacy_url_aliases: - post: - operationId: post-spaces-disable-legacy-url-aliases - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - aliases: - items: - additionalProperties: false - type: object - properties: - sourceId: - description: >- - The alias source object identifier. This is the legacy - object identifier. - type: string - targetSpace: - description: The space where the alias target object exists. - type: string - targetType: - description: 'The type of alias target object. ' - type: string - required: - - targetSpace - - targetType - - sourceId - type: array - required: - - aliases - responses: {} - summary: Disable legacy URL aliases - tags: - - spaces - /api/spaces/_get_shareable_references: - post: - description: Collect references and space contexts for saved objects. - operationId: post-spaces-get-shareable-references - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - required: - - objects - responses: {} - summary: Get shareable references - tags: - - spaces - /api/spaces/_resolve_copy_saved_objects_errors: - post: - description: >- - Overwrite saved objects that are returned as errors from the copy saved - objects to space API. - operationId: post-spaces-resolve-copy-saved-objects-errors - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - compatibilityMode: - default: false - type: boolean - createNewCopies: - default: true - type: boolean - includeReferences: - default: false - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - retries: - additionalProperties: - items: - additionalProperties: false - type: object - properties: - createNewCopy: - description: >- - Creates new copies of the saved objects, regenerates - each object ID, and resets the origin. - type: boolean - destinationId: - description: >- - Specifies the destination identifier that the copied - object should have, if different from the current - identifier. - type: string - id: - description: The saved object identifier. - type: string - ignoreMissingReferences: - description: >- - When set to true, any missing references errors are - ignored. - type: boolean - overwrite: - default: false - description: >- - When set to true, the saved object from the source - space overwrites the conflicting object in the - destination space. - type: boolean - type: - description: The saved object type. - type: string - required: - - type - - id - type: array - type: object - required: - - retries - - objects - responses: {} - summary: Resolve conflicts copying saved objects - tags: [] - /api/spaces/_update_objects_spaces: - post: - description: Update one or more saved objects to add or remove them from some spaces. - operationId: post-spaces-update-objects-spaces - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - description: The identifier of the saved object to update. - type: string - type: - description: The type of the saved object to update. - type: string - required: - - type - - id - type: array - spacesToAdd: - items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. - type: string - type: array - spacesToRemove: - items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. - type: string - type: array - required: - - objects - - spacesToAdd - - spacesToRemove - responses: {} - summary: Update saved objects in spaces - tags: - - spaces - /api/spaces/space: - get: - operationId: get-spaces-space - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: - '200': - description: Indicates a successful call. - summary: Get all spaces - tags: - - spaces - post: - operationId: post-spaces-space - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Create a space - tags: - - spaces - /api/spaces/space/{id}: - delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. - operationId: delete-spaces-space-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - '404': - description: Indicates that the request failed. - summary: Delete a space - tags: - - spaces - get: - operationId: get-spaces-space-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: The space identifier. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - description: Indicates a successful call. - summary: Get a space - tags: - - spaces - put: - operationId: put-spaces-space-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - _reserved: - type: boolean - color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. - type: string - description: - description: A description for the space. - type: string - disabledFeatures: - default: [] - items: - description: The list of features that are turned off in the space. - type: string - type: array - id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. - type: string - imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. - type: string - initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. - maxLength: 2 - type: string - name: - description: 'The display name for the space. ' - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic - type: string - required: - - id - - name - responses: - '200': - description: Indicates a successful call. - summary: Update a space - tags: - - spaces - /api/status: - get: - operationId: get-status - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - /api/timeline: - delete: - description: Delete one or more Timelines or Timeline templates. - operationId: DeleteTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - savedObjectIds: - items: - type: string - type: array - searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines - items: - type: string - type: array - required: - - savedObjectIds - description: The IDs of the Timelines or Timeline templates to delete. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data - description: Indicates the Timeline was successfully deleted. - summary: Delete Timelines or Timeline templates - tags: - - Security Timeline API - - access:securitySolution - get: - description: Get the details of an existing saved Timeline or Timeline template. - operationId: GetTimeline - parameters: - - description: The ID of the template timeline to retrieve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the Timeline to retrieve. - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - required: - - getOneTimeline - required: - - data - - additionalProperties: false - type: object - description: Indicates that the (template) Timeline was found and returned. - summary: Get Timeline or Timeline template details - tags: - - Security Timeline API - - access:securitySolution - patch: - description: >- - Update an existing Timeline. You can update the title, description, date - range, pinned events, pinned queries, and/or pinned saved queries of an - existing Timeline. - operationId: PatchTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - version: - nullable: true - type: string - required: - - timelineId - - version - - timeline - description: The Timeline updates, along with the Timeline ID and version. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates that the user does not have the required access to create - a draft Timeline. - summary: Update a Timeline - tags: - - Security Timeline API - - access:securitySolution - post: - description: Create a new Timeline or Timeline template. - operationId: CreateTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - status: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - version: - nullable: true - type: string - required: - - timeline - description: >- - The required Timeline fields used to create a new Timeline, along with - optional fields that will be created if not provided. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates the Timeline was successfully created. - '405': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that there was an error in the Timeline creation. - summary: Create a Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_copy: - get: - description: | - Copies and returns a timeline or timeline template. - operationId: CopyTimeline - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - timelineIdToCopy: - type: string - required: - - timeline - - timelineIdToCopy - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the timeline has been successfully copied. - summary: Copies timeline or timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_draft: - get: - description: >- - Get the details of the draft Timeline or Timeline template for the - current user. If the user doesn't have a draft Timeline, an empty - Timeline is returned. - operationId: GetDraftTimelines - parameters: - - in: query - name: timelineType - required: true - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: Indicates that the draft Timeline was successfully retrieved. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - If a draft Timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft Timeline. - '409': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - This should never happen, but if a draft Timeline was not found and - we attempted to create one, it indicates that there is already a - draft Timeline with the given `timelineId`. - summary: Get draft Timeline or Timeline template details - tags: - - Security Timeline API - - access:securitySolution - post: - description: > - Create a clean draft Timeline or Timeline template for the current user. - - > info - - > If the user already has a draft Timeline, the existing draft Timeline - is cleared and returned. - operationId: CleanDraftTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - required: - - timelineType - description: >- - The type of Timeline to create. Valid values are `default` and - `template`. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft Timeline. - '409': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - message: - type: string - status_code: - type: number - description: >- - Indicates that there is already a draft Timeline with the given - `timelineId`. - summary: Create a clean draft Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_export: - post: - description: Export Timelines as an NDJSON file. - operationId: ExportTimelines - parameters: - - description: The name of the file to export - in: query - name: file_name - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - items: - type: string - nullable: true - type: array - description: The IDs of the Timelines to export. - required: true - responses: - '200': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - description: NDJSON of the exported Timelines - type: string - description: Indicates the Timelines were successfully exported. - '400': - content: - application/ndjson; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Indicates that the export size limit was exceeded. - summary: Export Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_favorite: - patch: - description: Favorite a Timeline or Timeline template for the current user. - operationId: PersistFavoriteRoute - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - templateTimelineId: - nullable: true - type: string - templateTimelineVersion: - nullable: true - type: number - timelineId: - nullable: true - type: string - timelineType: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - required: - - timelineId - - templateTimelineId - - templateTimelineVersion - - timelineType - description: The required fields used to favorite a (template) Timeline. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse - required: - - persistFavorite - required: - - data - description: Indicates the favorite status was successfully updated. - '403': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. - summary: Favorite a Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_import: - post: - description: Import Timelines. - operationId: ImportTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - file: {} - isImmutable: - enum: - - 'true' - - 'false' - type: string - required: - - file - description: The Timelines to import as a readable stream. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the import of Timelines was successful. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: >- - Indicates the import of Timelines was unsuccessful because of an - invalid file extension. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - statusCode: - type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - id: - type: string - statusCode: - type: number - description: Indicates the import of Timelines was unsuccessful. - summary: Import Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/_prepackaged: - post: - description: Install or update prepackaged Timelines. - operationId: InstallPrepackedTimelines - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - prepackagedTimelines: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject - nullable: true - type: array - timelinesToInstall: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - timelinesToUpdate: - items: - $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' - nullable: true - type: array - required: - - timelinesToInstall - - timelinesToUpdate - - prepackagedTimelines - description: The Timelines to install or update. - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult - description: Indicates the installation of prepackaged Timelines was successful. - '500': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: >- - Indicates the installation of prepackaged Timelines was - unsuccessful. - summary: Install prepackaged Timelines - tags: - - Security Timeline API - - access:securitySolution - /api/timeline/resolve: - get: - operationId: ResolveTimeline - parameters: - - description: The ID of the template timeline to resolve - in: query - name: template_timeline_id - schema: - type: string - - description: The ID of the timeline to resolve - in: query - name: id - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - type: object - properties: - data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline - required: - - data - - additionalProperties: false - type: object - description: The (template) Timeline has been found - '400': - description: The request is missing parameters - '404': - description: The (template) Timeline was not found - summary: Get an existing saved Timeline or Timeline template - tags: - - Security Timeline API - - access:securitySolution - /api/timelines: - get: - description: Get a list of all saved Timelines or Timeline templates. - operationId: GetTimelines - parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. - in: query - name: only_user_favorite - schema: - enum: - - 'true' - - 'false' - nullable: true - type: string - - in: query - name: timeline_type - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineType' - nullable: true - - in: query - name: sort_field - schema: - $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' - - in: query - name: sort_order - schema: - enum: - - asc - - desc - type: string - - in: query - name: page_size - schema: - nullable: true - type: string - - in: query - name: page_index - schema: - nullable: true - type: string - - in: query - name: search - schema: - nullable: true - type: string - - in: query - name: status - schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' - nullable: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - customTemplateTimelineCount: - type: number - defaultTimelineCount: - type: number - elasticTemplateTimelineCount: - type: number - favoriteCount: - type: number - templateTimelineCount: - type: number - timeline: - items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse - type: array - totalCount: - type: number - required: - - timeline - - totalCount - description: Indicates that the (template) Timelines were found and returned. - '400': - content: - application:json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: string - statusCode: - type: number - description: Bad request. The user supplied invalid data. - summary: Get Timelines or Timeline templates - tags: - - Security Timeline API - - access:securitySolution - /s/{spaceId}/api/observability/slos: - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: The page to use for pagination, must be greater or equal than 1 - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs - tags: - - slo - post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/_delete_instances: - post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}: - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO - tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO - tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/_reset: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/disable: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO - tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/enable: - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO tags: - slo components: @@ -43297,7 +23408,7 @@ components: value: - actionTypeId: .jira config: - apiUrl: https://elastic.atlassian.net/ + apiUrl: 'https://elastic.atlassian.net/' projectKey: ES id: 61787f53-4eee-4741-8df6-8fe84fa616f7 isDeprecated: false @@ -43570,7 +23681,7 @@ components: connector_name: My connector external_id: '71926' external_title: ES-554 - external_url: https://cases.jira.com + external_url: 'https://cases.jira.com' pushed_at: '2022-07-29T01:20:58.436Z' pushed_by: email: null @@ -43640,7 +23751,7 @@ components: type: .jira created_at: '2024-07-01T17:07:17.767Z' created_by: - email: null, + email: 'null,' full_name: null profile_uid: u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0 username: elastic @@ -43757,7 +23868,7 @@ components: username: elastic version: WzI2LDNd Cases_update_case_request: - summary: Update the case description, tags, and connector. + summary: 'Update the case description, tags, and connector.' value: cases: - connector: @@ -43820,7 +23931,7 @@ components: connector_name: Jira external_id: '10003' external_title: IS-4 - external_url: https://hms.atlassian.net/browse/IS-4 + external_url: 'https://hms.atlassian.net/browse/IS-4' pushed_at: '2023-10-13T09:20:40.672Z' pushed_by: email: null @@ -43928,7 +24039,7 @@ components: runtimeFieldMap: runtime_shape_name: script: - source: emit(doc['shape_name'].value) + source: 'emit(doc[''shape_name''].value)' type: keyword title: logstash-* Data_views_create_runtime_field_request: @@ -43937,7 +24048,7 @@ components: name: runtimeFoo runtimeField: script: - source: emit(doc["foo"].value) + source: 'emit(doc["foo"].value)' type: long Data_views_get_data_view_response: summary: >- @@ -43959,35 +24070,35 @@ components: products.base_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.base_unit_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.min_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.taxful_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' products.taxless_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' taxful_total_price: id: number params: - pattern: $0,0.[00] + pattern: '$0,0.[00]' taxless_total_price: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' fields: _id: aggregatable: false @@ -44463,7 +24574,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: products.base_price readFromDocValues: true @@ -44479,7 +24590,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: products.base_unit_price readFromDocValues: true @@ -44599,7 +24710,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: products.min_price readFromDocValues: true @@ -44615,7 +24726,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: products.price readFromDocValues: true @@ -44718,7 +24829,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: products.taxful_price readFromDocValues: true @@ -44734,7 +24845,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: products.taxless_price readFromDocValues: true @@ -44778,7 +24889,7 @@ components: format: id: number params: - pattern: $0,0.[00] + pattern: '$0,0.[00]' isMapped: true name: taxful_total_price readFromDocValues: true @@ -44794,7 +24905,7 @@ components: format: id: number params: - pattern: $0,0.00 + pattern: '$0,0.00' isMapped: true name: taxless_total_price readFromDocValues: true @@ -44905,7 +25016,7 @@ components: AvgTicketPrice: id: number params: - pattern: $0,0.[00] + pattern: '$0,0.[00]' hour_of_day: id: number params: @@ -44973,7 +25084,7 @@ components: format: id: number params: - pattern: $0,0.[00] + pattern: '$0,0.[00]' isMapped: true name: AvgTicketPrice readFromDocValues: true @@ -45248,7 +25359,7 @@ components: readFromDocValues: false runtimeField: script: - source: emit(doc['timestamp'].value.getHour()); + source: 'emit(doc[''timestamp''].value.getHour());' type: long scripted: false searchable: true @@ -45373,7 +25484,7 @@ components: runtimeFieldMap: hour_of_day: script: - source: emit(doc['timestamp'].value.getHour()); + source: 'emit(doc[''timestamp''].value.getHour());' type: long sourceFilters: [] timeFieldName: timestamp @@ -45388,7 +25499,7 @@ components: readFromDocValues: false runtimeField: script: - source: emit(doc['timestamp'].value.getHour()); + source: 'emit(doc[''timestamp''].value.getHour());' type: long scripted: false searchable: true @@ -45436,7 +25547,7 @@ components: value: runtimeField: script: - source: emit(doc["bar"].value) + source: 'emit(doc["bar"].value)' Machine_learning_APIs_mlSyncExample: summary: Two anomaly detection jobs required synchronization in this example. value: @@ -45568,541 +25679,2210 @@ components: required: true schema: type: string - Cases_alert_id: - description: An identifier for the alert. + Cases_alert_id: + description: An identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + type: string + Cases_assignees_filter: + description: > + Filters the returned cases by assignees. Valid values are `none` or + unique identifiers for the user profiles. These identifiers can be found + by using the suggest user profile API. + in: query + name: assignees + schema: + oneOf: + - $ref: '#/components/schemas/Cases_string' + - $ref: '#/components/schemas/Cases_string_array' + Cases_case_id: + description: >- + The identifier for the case. To retrieve case IDs, use the find cases + API. All non-ASCII characters must be URL encoded. + in: path + name: caseId + required: true + schema: + example: 9c235210-6834-11ea-a78c-6ffb38a34414 + type: string + Cases_category: + description: Filters the returned cases by category. + in: query + name: category + schema: + oneOf: + - $ref: '#/components/schemas/Cases_case_category' + - $ref: '#/components/schemas/Cases_case_categories' + Cases_comment_id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + case or find cases APIs. + in: path + name: commentId + required: true + schema: + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + type: string + Cases_configuration_id: + description: An identifier for the configuration. + in: path + name: configurationId + required: true + schema: + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + type: string + Cases_connector_id: + description: >- + An identifier for the connector. To retrieve connector IDs, use the find + connectors API. + in: path + name: connectorId + required: true + schema: + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + type: string + Cases_defaultSearchOperator: + description: he default operator to use for the simple_query_string. + example: OR + in: query + name: defaultSearchOperator + schema: + default: OR + type: string + Cases_from: + description: > + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + in: query + name: from + schema: + example: now-1d + type: string + Cases_ids: + description: > + The cases that you want to removed. All non-ASCII characters must be URL + encoded. + example: d4e7abb0-b462-11ec-9a8d-698504725a43 + in: query + name: ids + required: true + schema: + items: + maxItems: 100 + minItems: 1 + type: string + type: array + Cases_includeComments: + deprecated: true + description: >- + Deprecated in 8.1.0. This parameter is deprecated and will be removed in + a future release. It determines whether case comments are returned. + in: query + name: includeComments + schema: + default: true + type: boolean + Cases_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Cases_owner_filter: + description: > + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + example: cases + in: query + name: owner + schema: + oneOf: + - $ref: '#/components/schemas/Cases_owner' + - $ref: '#/components/schemas/Cases_owners' + Cases_page_index: + description: The page number to return. + in: query + name: page + required: false + schema: + default: 1 + type: integer + Cases_page_size: + description: The number of items to return. Limited to 100 items. + in: query + name: perPage + required: false + schema: + default: 20 + maximum: 100 + type: integer + Cases_reporters: + description: Filters the returned cases by the user name of the reporter. + example: elastic + in: query + name: reporters + schema: + oneOf: + - $ref: '#/components/schemas/Cases_string' + - $ref: '#/components/schemas/Cases_string_array' + Cases_search: + description: >- + An Elasticsearch simple_query_string query that filters the objects in + the response. + in: query + name: search + schema: + type: string + Cases_searchFields: + description: The fields to perform the simple_query_string parsed query against. + in: query + name: searchFields + schema: + oneOf: + - $ref: '#/components/schemas/Cases_searchFieldsType' + - $ref: '#/components/schemas/Cases_searchFieldsTypeArray' + Cases_severity: + description: The severity of the case. + in: query + name: severity + schema: + enum: + - critical + - high + - low + - medium + type: string + Cases_sort_order: + description: Determines the sort order. + in: query + name: sortOrder + required: false + schema: + default: desc + enum: + - asc + - desc + type: string + Cases_sortField: + description: Determines which field is used to sort the results. + example: updatedAt + in: query + name: sortField + schema: + default: createdAt + enum: + - createdAt + - updatedAt + - closedAt + - title + - category + - status + - severity + type: string + Cases_status: + description: Filters the returned cases by state. + example: open + in: query + name: status + schema: + enum: + - closed + - in-progress + - open + type: string + Cases_tags: + description: Filters the returned cases by tags. + example: tag-1 + in: query + name: tags + schema: + oneOf: + - $ref: '#/components/schemas/Cases_string' + - $ref: '#/components/schemas/Cases_string_array' + Cases_to: + description: > + Returns only cases that were created before a specific date. The date + must be specified as a KQL data range or date match expression. + example: now+1d + in: query + name: to + schema: + type: string + Cases_user_action_types: + description: Determines the types of user actions to return. + example: create_case + in: query + name: types + schema: + items: + enum: + - action + - alert + - assignees + - attachment + - comment + - connector + - create_case + - description + - pushed + - settings + - severity + - status + - tags + - title + - user + type: string + type: array + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. in: path - name: alertId + name: viewId required: true schema: - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f type: string - Cases_assignees_filter: - description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. + Fleet_format: + description: Simplified or legacy format for package inputs in: query - name: assignees + name: format + required: false schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_case_id: - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. - in: path - name: caseId + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf required: true schema: - example: 9c235210-6834-11ea-a78c-6ffb38a34414 type: string - Cases_category: - description: Filters the returned cases by category. + Fleet_kuery: in: query - name: category + name: kuery + required: false schema: - oneOf: - - $ref: '#/components/schemas/Cases_case_category' - - $ref: '#/components/schemas/Cases_case_categories' - Cases_comment_id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. - in: path - name: commentId + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: 'Return agent metrics, false by default' + in: query + name: withMetrics + required: false + schema: + type: boolean + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf required: true schema: - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 type: string - Cases_configuration_id: - description: An identifier for the configuration. + Saved_objects_saved_object_id: + description: An identifier for the saved object. in: path - name: configurationId + name: id required: true schema: - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 type: string - Cases_connector_id: + Saved_objects_saved_object_type: description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. + Valid options include `visualization`, `dashboard`, `search`, + `index-pattern`, `config`. in: path - name: connectorId + name: type required: true schema: - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 type: string - Cases_defaultSearchOperator: - description: he default operator to use for the simple_query_string. - example: OR - in: query - name: defaultSearchOperator + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true schema: - default: OR type: string - Cases_from: + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: + Alerting_401_response: + properties: + error: + enum: + - Unauthorized + example: Unauthorized + type: string + message: + type: string + statusCode: + enum: + - 401 + example: 401 + type: integer + title: Unsuccessful rule API response + type: object + Alerting_alert_response_properties: + title: Legacy alert response properties + type: object + properties: + actions: + items: + type: object + type: array + alertTypeId: + example: .index-threshold + type: string + apiKeyOwner: + example: elastic + nullable: true + type: string + createdAt: + description: The date and time that the alert was created. + example: '2022-12-05T23:36:58.284Z' + format: date-time + type: string + createdBy: + description: The identifier for the user that created the alert. + example: elastic + type: string + enabled: + description: Indicates whether the alert is currently enabled. + example: true + type: boolean + executionStatus: + type: object + properties: + lastExecutionDate: + example: '2022-12-06T00:13:43.890Z' + format: date-time + type: string + status: + example: ok + type: string + id: + description: The identifier for the alert. + example: b530fed0-74f5-11ed-9801-35303b735aef + type: string + muteAll: + example: false + type: boolean + mutedInstanceIds: + items: + type: string + nullable: true + type: array + name: + description: The name of the alert. + example: my alert + type: string + notifyWhen: + example: onActionGroupChange + type: string + params: + additionalProperties: true + type: object + schedule: + type: object + properties: + interval: + type: string + scheduledTaskId: + example: b530fed0-74f5-11ed-9801-35303b735aef + type: string + tags: + items: + type: string + type: array + throttle: + nullable: true + type: string + updatedAt: + example: '2022-12-05T23:36:58.284Z' + type: string + updatedBy: + description: The identifier for the user that updated this alert most recently. + example: elastic + nullable: true + type: string + Alerting_fieldmap_properties: + title: Field map objects in the get rule types response + type: object + properties: + array: + description: Indicates whether the field is an array. + type: boolean + dynamic: + description: Indicates whether it is a dynamic field mapping. + type: boolean + format: + description: > + Indicates the format of the field. For example, if the `type` is + `date_range`, the `format` can be + `epoch_millis||strict_date_optional_time`. + type: string + ignore_above: + description: >- + Specifies the maximum length of a string field. Longer strings are + not indexed or stored. + type: integer + index: + description: Indicates whether field values are indexed. + type: boolean + path: + description: TBD + type: string + properties: + additionalProperties: + type: object + properties: + type: + description: The data type for each object property. + type: string + description: > + Details about the object properties. This property is applicable + when `type` is `object`. + type: object + required: + description: Indicates whether the field is required. + type: boolean + scaling_factor: + description: > + The scaling factor to use when encoding values. This property is + applicable when `type` is `scaled_float`. Values will be multiplied + by this factor at index time and rounded to the closest long value. + type: integer + type: + description: Specifies the data type for the field. + example: scaled_float + type: string + Cases_4xx_response: + properties: + error: + example: Unauthorized + type: string + message: + type: string + statusCode: + example: 401 + type: integer + title: Unsuccessful cases API response + type: object + Cases_action_types: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + type: string + Cases_actions: + enum: + - add + - create + - delete + - push_to_service + - update + example: create + type: string + Cases_add_alert_comment_request_properties: + description: Defines properties for case comment requests when type is alert. + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owner' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + enum: + - alert + example: alert + type: string + required: + - alertId + - index + - owner + - rule + - type + title: Add case comment request properties for alerts + Cases_add_case_comment_request: + description: >- + The add comment to case API request body varies depending on whether you + are adding an alert or a comment. + discriminator: + mapping: + alert: '#/components/schemas/Cases_add_alert_comment_request_properties' + user: '#/components/schemas/Cases_add_user_comment_request_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' + title: Add case comment request + Cases_add_user_comment_request_properties: + description: Defines properties for case comment requests when type is user. + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + example: A new comment. + maxLength: 30000 + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + type: + description: The type of comment. + enum: + - user + example: user + type: string + required: + - comment + - owner + - type + title: Add case comment request properties for user comments + type: object + Cases_alert_comment_response_properties: + title: Add case comment response properties for alerts + type: object + properties: + alertId: + items: + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + type: string + type: array + created_at: + example: '2023-11-06T19:29:38.424Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + id: + example: 73362370-ab1a-11ec-985f-97e55adae8b9 + type: string + index: + items: + example: .internal.alerts-security.alerts-default-000001 + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owner' + pushed_at: + example: null + format: date-time + nullable: true + type: string + pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert + example: alert + type: string + updated_at: + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzMwNDgsMV0= + type: string + required: + - type + Cases_alert_identifiers: description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. - in: query - name: from - schema: - example: now-1d - type: string - Cases_ids: + The alert identifiers. It is required only when `type` is `alert`. You + can use an array of strings to add multiple alerts to a case, provided + that they all relate to the same rule; `index` must also be an array + with the same length or number of elements. Adding multiple alerts in + this manner is recommended rather than calling the API multiple times. + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert identifiers + x-technical-preview: true + Cases_alert_indices: description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - in: query - name: ids - required: true - schema: - items: - maxItems: 100 - minItems: 1 + The alert indices. It is required only when `type` is `alert`. If you + are adding multiple alerts to a case, use an array of strings; the + position of each index name in the array must match the position of the + corresponding alert identifier in the `alertId` array. This + functionality is in technical preview and may be changed or removed in a + future release. Elastic will work to fix any issues, but features in + technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert indices + x-technical-preview: true + Cases_alert_response_properties: + type: object + properties: + attached_at: + format: date-time type: string - type: array - Cases_includeComments: - deprecated: true - description: >- - Deprecated in 8.1.0. This parameter is deprecated and will be removed in - a future release. It determines whether case comments are returned. - in: query - name: includeComments - schema: - default: true - type: boolean - Cases_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_owner_filter: - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. - example: cases - in: query - name: owner - schema: - oneOf: - - $ref: '#/components/schemas/Cases_owner' - - $ref: '#/components/schemas/Cases_owners' - Cases_page_index: - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - type: integer - Cases_page_size: - description: The number of items to return. Limited to 100 items. - in: query - name: perPage - required: false - schema: - default: 20 - maximum: 100 - type: integer - Cases_reporters: - description: Filters the returned cases by the user name of the reporter. - example: elastic - in: query - name: reporters - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_search: - description: >- - An Elasticsearch simple_query_string query that filters the objects in - the response. - in: query - name: search - schema: - type: string - Cases_searchFields: - description: The fields to perform the simple_query_string parsed query against. - in: query - name: searchFields - schema: - oneOf: - - $ref: '#/components/schemas/Cases_searchFieldsType' - - $ref: '#/components/schemas/Cases_searchFieldsTypeArray' - Cases_severity: - description: The severity of the case. - in: query - name: severity - schema: - enum: - - critical - - high - - low - - medium - type: string - Cases_sort_order: - description: Determines the sort order. - in: query - name: sortOrder - required: false - schema: - default: desc - enum: - - asc - - desc - type: string - Cases_sortField: - description: Determines which field is used to sort the results. - example: updatedAt - in: query - name: sortField - schema: - default: createdAt - enum: - - createdAt - - updatedAt - - closedAt - - title - - category - - status - - severity - type: string - Cases_status: - description: Filters the returned cases by state. - example: open - in: query - name: status - schema: - enum: - - closed - - in-progress - - open - type: string - Cases_tags: - description: Filters the returned cases by tags. - example: tag-1 - in: query - name: tags - schema: - oneOf: - - $ref: '#/components/schemas/Cases_string' - - $ref: '#/components/schemas/Cases_string_array' - Cases_to: + id: + description: The alert identifier. + type: string + index: + description: The alert index. + type: string + Cases_assignees: + description: An array containing users that are assigned to the case. + items: + type: object + properties: + uid: + description: >- + A unique identifier for the user profile. These identifiers can be + found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + type: string + required: + - uid + maxItems: 10 + nullable: true + type: array + Cases_case_categories: + items: + $ref: '#/components/schemas/Cases_case_category' + maxItems: 100 + type: array + Cases_case_category: + description: A word or phrase that categorizes the case. + maxLength: 50 + type: string + Cases_case_description: + description: The description for the case. + maxLength: 30000 + type: string + Cases_case_response_closed_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for closed_by + type: object + Cases_case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Cases_case_response_properties: + title: Case response properties + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + description: The case category. + nullable: true + type: string + closed_at: + format: date-time + nullable: true + type: string + closed_by: + $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + comments: + description: An array of comment objects for the case. + items: + discriminator: + mapping: + alert: '#/components/schemas/Cases_alert_comment_response_properties' + user: '#/components/schemas/Cases_user_comment_response_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + maxItems: 10000 + title: Case response properties for comments + type: array + connector: + discriminator: + mapping: + .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' + .jira: '#/components/schemas/Cases_connector_properties_jira' + .none: '#/components/schemas/Cases_connector_properties_none' + .resilient: '#/components/schemas/Cases_connector_properties_resilient' + .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' + .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' + .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + title: Case response properties for connectors + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + customFields: + description: Custom field values for the case. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + type: array + description: + example: A case description. + type: string + duration: + description: > + The elapsed time from the creation of the case to its closure (in + seconds). If the case has not been closed, the duration is set to + null. If the case was closed after less than half a second, the + duration is rounded down to zero. + example: 120 + nullable: true + type: integer + external_service: + $ref: '#/components/schemas/Cases_external_service' + id: + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + example: + - tag-1 + items: + type: string + type: array + title: + example: Case title 1 + type: string + totalAlerts: + example: 0 + type: integer + totalComment: + example: 0 + type: integer + updated_at: + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + example: WzUzMiwxXQ== + type: string + required: + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version + Cases_case_response_pushed_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for pushed_by + type: object + Cases_case_response_updated_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for updated_by + type: object + Cases_case_severity: + default: low + description: The severity of the case. + enum: + - critical + - high + - low + - medium + type: string + Cases_case_status: + description: The status of the case. + enum: + - closed + - in-progress + - open + type: string + Cases_case_tags: description: > - Returns only cases that were created before a specific date. The date - must be specified as a KQL data range or date match expression. - example: now+1d - in: query - name: to - schema: + The words and phrases that help categorize cases. It can be an empty + array. + items: + maxLength: 256 type: string - Cases_user_action_types: - description: Determines the types of user actions to return. - example: create_case - in: query - name: types - schema: - items: + maxItems: 200 + type: array + Cases_case_title: + description: A title for the case. + maxLength: 160 + type: string + Cases_closure_types: + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). + enum: + - close-by-pushing + - close-by-user + example: close-by-user + type: string + Cases_connector_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + example: null + nullable: true + type: string + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. enum: - - action - - alert - - assignees - - attachment - - comment - - connector - - create_case - - description - - pushed - - settings - - severity - - status - - tags - - title - - user + - .cases-webhook + example: .cases-webhook type: string - type: array - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Saved_objects_saved_object_id: - description: An identifier for the saved object. - in: path - name: id - required: true - schema: - type: string - Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - in: path - name: type - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - schemas: - Alerting_401_response: + required: + - fields + - id + - name + - type + title: Create or upate case request properties for Cases Webhook connector + Cases_connector_properties_jira: + description: Defines properties for connectors when type is `.jira`. + type: object properties: - error: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + issueType: + description: The type of issue. + nullable: true + type: string + parent: + description: 'The key of the parent issue, when the issue type is sub-task.' + nullable: true + type: string + priority: + description: The priority of the issue. + nullable: true + type: string + required: + - issueType + - parent + - priority + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. enum: - - Unauthorized - example: Unauthorized + - .jira + example: .jira type: string - message: + required: + - fields + - id + - name + - type + title: Create or update case request properties for a Jira connector + Cases_connector_properties_none: + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case without + a connector, specify null. To update a case to remove the connector, + specify null. + example: null + nullable: true type: string - statusCode: + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. To update a case to remove the connector, + specify `none`. + example: none + type: string + name: + description: >- + The name of the connector. To create a case without a connector, use + `none`. To update a case to remove the connector, specify `none`. + example: none + type: string + type: + description: >- + The type of connector. To create a case without a connector, use + `.none`. To update a case to remove the connector, specify `.none`. enum: - - 401 - example: 401 - type: integer - title: Unsuccessful rule API response + - .none + example: .none + type: string + required: + - fields + - id + - name + - type + title: Create or update case request properties for no connector + Cases_connector_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. type: object - Alerting_alert_response_properties: - title: Legacy alert response properties + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + nullable: true + type: object + properties: + issueTypes: + description: The type of incident. + items: + type: string + type: array + severityCode: + description: The severity code of the incident. + type: string + required: + - issueTypes + - severityCode + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .resilient + example: .resilient + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a IBM Resilient connector + Cases_connector_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + impact: + description: The effect an incident had on business. + nullable: true + type: string + severity: + description: The severity of the incident. + nullable: true + type: string + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + urgency: + description: The extent to which the incident resolution can be delayed. + nullable: true + type: string + required: + - category + - impact + - severity + - subcategory + - urgency + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow + example: .servicenow + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow ITSM connector + Cases_connector_properties_servicenow_sir: + description: Defines properties for connectors when type is `.servicenow-sir`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs. + nullable: true + type: boolean + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs. + nullable: true + type: boolean + priority: + description: The priority of the issue. + nullable: true + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow SecOps connector + Cases_connector_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. type: object properties: - actions: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + nullable: true + type: string + required: + - caseId + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .swimlane + example: .swimlane + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a Swimlane connector + Cases_connector_types: + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none + type: string + Cases_create_case_request: + description: >- + The create case API request body varies depending on the type of + connector. + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields that are + not specified in the request are set to null. items: type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 type: array - alertTypeId: - example: .index-threshold + description: + $ref: '#/components/schemas/Cases_case_description' + owner: + $ref: '#/components/schemas/Cases_owner' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + required: + - connector + - description + - owner + - settings + - tags + - title + title: Create case request + type: object + Cases_external_service: + nullable: true + type: object + properties: + connector_id: type: string - apiKeyOwner: - example: elastic - nullable: true + connector_name: type: string - createdAt: - description: The date and time that the alert was created. - example: '2022-12-05T23:36:58.284Z' - format: date-time + external_id: type: string - createdBy: - description: The identifier for the user that created the alert. - example: elastic + external_title: type: string - enabled: - description: Indicates whether the alert is currently enabled. - example: true - type: boolean - executionStatus: + external_url: + type: string + pushed_at: + format: date-time + type: string + pushed_by: + nullable: true type: object properties: - lastExecutionDate: - example: '2022-12-06T00:13:43.890Z' - format: date-time + email: + example: null + nullable: true type: string - status: - example: ok + full_name: + example: null + nullable: true type: string - id: - description: The identifier for the alert. - example: b530fed0-74f5-11ed-9801-35303b735aef + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + Cases_owner: + description: > + The application that owns the cases: Stack Management, Observability, or + Elastic Security. + enum: + - cases + - observability + - securitySolution + example: cases + type: string + Cases_owners: + items: + $ref: '#/components/schemas/Cases_owner' + type: array + Cases_payload_alert_comment: + type: object + properties: + comment: + type: object + properties: + alertId: + oneOf: + - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + type: string + - items: + type: string + type: array + index: + oneOf: + - example: .alerts-observability.logs.alerts-default + type: string + - items: + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owner' + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert + type: string + Cases_payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + Cases_payload_connector: + type: object + properties: + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none + type: string + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none + type: string + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + description: type: string - muteAll: - example: false - type: boolean - mutedInstanceIds: + owner: + $ref: '#/components/schemas/Cases_owner' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: items: + example: + - tag-1 type: string - nullable: true type: array - name: - description: The name of the alert. - example: my alert + title: type: string - notifyWhen: - example: onActionGroupChange + Cases_payload_delete: + description: >- + If the `action` is `delete` and the `type` is `delete_case`, the payload + is nullable. + nullable: true + type: object + Cases_payload_description: + type: object + properties: + description: type: string - params: - additionalProperties: true + Cases_payload_pushed: + type: object + properties: + externalService: + $ref: '#/components/schemas/Cases_external_service' + Cases_payload_settings: + type: object + properties: + settings: + $ref: '#/components/schemas/Cases_settings' + Cases_payload_severity: + type: object + properties: + severity: + $ref: '#/components/schemas/Cases_case_severity' + Cases_payload_status: + type: object + properties: + status: + $ref: '#/components/schemas/Cases_case_status' + Cases_payload_tags: + type: object + properties: + tags: + example: + - tag-1 + items: + type: string + type: array + Cases_payload_title: + type: object + properties: + title: + type: string + Cases_payload_user_comment: + type: object + properties: + comment: type: object - schedule: + properties: + comment: + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + type: + enum: + - user + type: string + Cases_rule: + description: > + The rule that is associated with the alerts. It is required only when + `type` is `alert`. This functionality is in technical preview and may be + changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Alerting rule + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + x-technical-preview: true + Cases_searchFieldsType: + description: The fields to perform the `simple_query_string` parsed query against. + enum: + - description + - title + type: string + Cases_searchFieldsTypeArray: + items: + $ref: '#/components/schemas/Cases_searchFieldsType' + type: array + Cases_set_case_configuration_request: + description: >- + External connection details, such as the closure type and default + connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. type: object properties: - interval: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none type: string - scheduledTaskId: - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string - tags: + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. items: - type: string + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + maxItems: 10 + minItems: 0 type: array - throttle: - nullable: true - type: string - updatedAt: - example: '2022-12-05T23:36:58.284Z' - type: string - updatedBy: - description: The identifier for the user that updated this alert most recently. - example: elastic - nullable: true - type: string - Alerting_fieldmap_properties: - title: Field map objects in the get rule types response + owner: + $ref: '#/components/schemas/Cases_owner' + templates: + $ref: '#/components/schemas/Cases_templates' + required: + - closure_type + - connector + - owner + title: Set case configuration request + type: object + Cases_settings: + description: An object that contains the case settings. type: object properties: - array: - description: Indicates whether the field is an array. - type: boolean - dynamic: - description: Indicates whether it is a dynamic field mapping. - type: boolean - format: - description: > - Indicates the format of the field. For example, if the `type` is - `date_range`, the `format` can be - `epoch_millis||strict_date_optional_time`. - type: string - ignore_above: - description: >- - Specifies the maximum length of a string field. Longer strings are - not indexed or stored. - type: integer - index: - description: Indicates whether field values are indexed. + syncAlerts: + description: Turns alert syncing on or off. + example: true type: boolean - path: - description: TBD - type: string + required: + - syncAlerts + Cases_string: + type: string + Cases_string_array: + items: + $ref: '#/components/schemas/Cases_string' + maxItems: 100 + type: array + Cases_template_tags: + description: > + The words and phrases that help categorize templates. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_templates: + items: + type: object properties: - additionalProperties: + caseFields: type: object properties: - type: - description: The data type for each object property. - type: string - description: > - Details about the object properties. This property is applicable - when `type` is `object`. - type: object - required: - description: Indicates whether the field is required. - type: boolean - scaling_factor: - description: > - The scaling factor to use when encoding values. This property is - applicable when `type` is `scaled_float`. Values will be multiplied - by this factor at index time and rounded to the closest long value. - type: integer - type: - description: Specifies the data type for the field. - example: scaled_float - type: string - Cases_4xx_response: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful cases API response - type: object - Cases_action_types: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - delete_case - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - Cases_actions: - enum: - - add - - create - - delete - - push_to_service - - update - example: create - type: string - Cases_add_alert_comment_request_properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, therefore + it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector IDs, + use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + customFields: + description: Custom field values in the template. + items: + type: object + properties: + key: + description: The unique key for the custom field. + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + value: + description: > + The default value for the custom field when a case uses + the template. If the `type` is `text`, the default value + must be a string. If the `type` is `toggle`, the default + value must be boolean. + oneOf: + - type: string + - type: boolean + type: array + x-technical-preview: true + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + description: + description: A description for the template. + type: string + key: + description: > + A unique key for the template. Must be lower case and composed + only of a-z, 0-9, '_', and '-' characters. It is used in API calls + to refer to a specific template. + type: string + name: + description: The name of the template. + type: string + tags: + $ref: '#/components/schemas/Cases_template_tags' + type: array + x-technical-preview: true + Cases_update_alert_comment_request_properties: description: Defines properties for case comment requests when type is alert. type: object properties: alertId: $ref: '#/components/schemas/Cases_alert_identifiers' + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string index: $ref: '#/components/schemas/Cases_alert_indices' owner: @@ -46115,27 +27895,227 @@ components: - alert example: alert type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd + type: string + required: + - alertId + - id + - index + - owner + - rule + - type + - version + title: Update case comment request properties for alerts + Cases_update_case_comment_request: + description: >- + The update case comment API request body varies depending on whether you + are updating an alert or a comment. + discriminator: + mapping: + alert: '#/components/schemas/Cases_update_alert_comment_request_properties' + user: '#/components/schemas/Cases_update_user_comment_request_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' + title: Update case comment request + Cases_update_case_configuration_request: + description: > + You can update settings such as the closure type, custom fields, + templates, and the default connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + type: array + templates: + $ref: '#/components/schemas/Cases_templates' + version: + description: > + The version of the connector. To retrieve the version value, use the + get configuration API. + example: WzIwMiwxXQ== + type: string + required: + - version + title: Update case configuration request + type: object + Cases_update_case_request: + description: >- + The update case API request body varies depending on the type of + connector. + properties: + cases: + description: An array containing one or more case objects. + items: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: >- + #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: >- + #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields + that are not specified in the request are set to null. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key + value must exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified + in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, + it cannot be explicitly set to null. However, for cases + that existed when the required custom field was added, + the default value stored in Elasticsearch is + `undefined`. The value returned in the API and user + interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + maxLength: 30000 + type: string + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: + description: >- + The current version of the case. To determine this value, use + the get case or find cases APIs. + type: string + required: + - id + - version + maxItems: 100 + minItems: 1 + type: array required: - - alertId - - index - - owner - - rule - - type - title: Add case comment request properties for alerts - Cases_add_case_comment_request: - description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_add_alert_comment_request_properties' - user: '#/components/schemas/Cases_add_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' - title: Add case comment request - Cases_add_user_comment_request_properties: + - cases + title: Update case request + type: object + Cases_update_user_comment_request_properties: description: Defines properties for case comment requests when type is user. properties: comment: @@ -46143,6 +28123,12 @@ components: example: A new comment. maxLength: 30000 type: string + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string owner: $ref: '#/components/schemas/Cases_owner' type: @@ -46151,23 +28137,31 @@ components: - user example: user type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd + type: string required: - comment + - id - owner - type - title: Add case comment request properties for user comments + - version + title: Update case comment request properties for user comments type: object - Cases_alert_comment_response_properties: - title: Add case comment response properties for alerts + Cases_user_actions_find_response_properties: type: object properties: - alertId: - items: - example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - type: string - type: array + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true + type: string created_at: - example: '2023-11-06T19:29:38.424Z' + example: '2022-05-13T09:16:17.416Z' format: date-time type: string created_by: @@ -46193,13 +28187,140 @@ components: - full_name - username id: - example: 73362370-ab1a-11ec-985f-97e55adae8b9 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + owner: + $ref: '#/components/schemas/Cases_owner' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + type: string + version: + example: WzM1ODg4LDFd + type: string + required: + - action + - comment_id + - created_at + - created_by + - id + - owner + - payload + - type + - version + Cases_user_actions_response_properties: + type: object + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + case_id: + example: 22df07d0-03b1-11ed-920c-974bfa104448 + type: string + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owner' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + Cases_user_comment_response_properties: + title: Case response properties for user comments + type: object + properties: + comment: + example: A new comment. + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 type: string - index: - items: - example: .internal.alerts-security.alerts-default-000001 - type: string - type: array owner: $ref: '#/components/schemas/Cases_owner' pushed_at: @@ -46207,2236 +28328,2753 @@ components: format: date-time nullable: true type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - rule: + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' + type: + enum: + - user + example: user + type: string + updated_at: + example: null + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + example: WzIwNDMxLDFd + type: string + required: + - type + Data_views_400_response: + title: Bad request + type: object + properties: + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean + required: + - data_view + Data_views_data_view_response_object: + title: Data view response properties + type: object + properties: + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. + type: object + properties: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 + type: string + customLabel: + description: Custom label for the field. + type: string + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. + type: string + required: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request + type: object + properties: + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. + type: string + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. + type: string + required: + - fromId + - toId + Data_views_timefieldname: + description: 'The timestamp field name, which you use for time-based data views.' + type: string + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: 'When set to `rollup`, identifies the rollup data views.' + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + required: + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request + type: object + properties: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean + required: + - data_view + Fleet_agent: + title: Agent + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + components: + items: + $ref: '#/components/schemas/Fleet_agent_component' + type: array + default_api_key: + type: string + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + metrics: type: object properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string + cpu_avg: + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 + type: number + memory_size_byte_avg: + description: Average agent memory consumption during the last 5 minutes + type: number + policy_id: + type: string + policy_revision: + type: number + status: + $ref: '#/components/schemas/Fleet_agent_status' type: - enum: - - alert - example: alert + $ref: '#/components/schemas/Fleet_agent_type' + unenrolled_at: type: string - updated_at: - format: date-time - nullable: true + unenrollment_started_at: type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true + user_provided_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + required: + - type + - active + - enrolled_at + - id + - status + Fleet_agent_action: + oneOf: + - properties: + ack_data: type: string - full_name: - example: null - nullable: true + data: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN type: string - username: - example: elastic - nullable: true + - properties: + data: + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + type: type: string - required: - - email - - full_name - - username - version: - example: WzMwNDgsMV0= + title: Agent action + Fleet_agent_component: + title: Agent component + type: object + properties: + id: type: string - required: - - type - Cases_alert_identifiers: - description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert identifiers - x-state: Technical preview - Cases_alert_indices: - description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. - oneOf: - - type: string - - items: - type: string - maxItems: 1000 + message: + type: string + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + type: string + units: + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' type: array - title: Alert indices - x-state: Technical preview - Cases_alert_response_properties: + Fleet_agent_component_status: + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + title: Agent component status + type: string + Fleet_agent_component_unit: + title: Agent component unit type: object properties: - attached_at: - format: date-time - type: string id: - description: The alert identifier. type: string - index: - description: The alert index. + message: type: string - Cases_assignees: - description: An array containing users that are assigned to the case. - items: - type: object - properties: - uid: - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - type: string - required: - - uid - maxItems: 10 - nullable: true - type: array - Cases_case_categories: - items: - $ref: '#/components/schemas/Cases_case_category' - maxItems: 100 - type: array - Cases_case_category: - description: A word or phrase that categorizes the case. - maxLength: 50 - type: string - Cases_case_description: - description: The description for the case. - maxLength: 30000 + payload: + type: object + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + Fleet_agent_component_unit_type: + enum: + - input + - output + title: Agent component unit type type: string - Cases_case_response_closed_by_properties: - nullable: true + Fleet_agent_diagnostics: + title: Agent diagnostics + type: object properties: - email: - example: null - nullable: true + actionId: type: string - full_name: - example: null - nullable: true + createTime: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + filePath: type: string - username: - example: elastic - nullable: true + id: + type: string + name: type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS required: - - email - - full_name - - username - title: Case response properties for closed_by + - id + - name + - createTime + - filePath + - actionId + - status + Fleet_agent_get_by_actions: + items: + items: + type: string + type: array + title: Agents get by action ids + type: array + Fleet_agent_metadata: + title: Agent metadata type: object - Cases_case_response_created_by_properties: - title: Case response properties for created_by + Fleet_agent_policy: + title: Agent Policy type: object properties: - email: - example: null + advanced_settings: + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs nullable: true - type: string - full_name: - example: null + type: object + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: nullable: true type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + description: type: string - username: - example: elastic + download_source_id: nullable: true type: string - required: - - email - - full_name - - username - Cases_case_response_properties: - title: Case response properties - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - description: The case category. + fleet_server_host_id: nullable: true type: string - closed_at: - format: date-time + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + monitoring_output_id: nullable: true type: string - closed_by: - $ref: '#/components/schemas/Cases_case_response_closed_by_properties' - comments: - description: An array of comment objects for the case. + monitoring_pprof_enabled: + type: boolean + name: + type: string + namespace: + type: string + overrides: + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter items: - discriminator: - mapping: - alert: '#/components/schemas/Cases_alert_comment_response_properties' - user: '#/components/schemas/Cases_user_comment_response_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' - maxItems: 10000 - title: Case response properties for comments + $ref: '#/components/schemas/Fleet_package_policy' type: array - connector: - discriminator: - mapping: - .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' - .jira: '#/components/schemas/Cases_connector_properties_jira' - .none: '#/components/schemas/Cases_connector_properties_none' - .resilient: '#/components/schemas/Cases_connector_properties_resilient' - .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' - .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' - .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - title: Case response properties for connectors - created_at: - example: '2022-05-13T09:16:17.416Z' + revision: + type: number + supports_agentless: + description: >- + Indicates whether the agent policy supports agentless integrations. + Only allowed in a serverless environment. + type: boolean + unenroll_timeout: + type: integer + unprivileged_agents: + type: number + updated_by: + type: string + updated_on: format: date-time type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - customFields: - description: Custom field values for the case. + required: + - id + - status + - name + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request + type: object + properties: + agent_features: items: type: object properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle + enabled: + type: boolean + name: type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean + required: + - name + - enabled type: array + data_output_id: + nullable: true + type: string description: - example: A case description. type: string - duration: - description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. - example: 120 + download_source_id: nullable: true - type: integer - external_service: - $ref: '#/components/schemas/Cases_external_service' + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array id: - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 type: string - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - example: - - tag-1 + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: items: + enum: + - metrics + - logs type: string type: array - title: - example: Case title 1 + monitoring_output_id: + nullable: true type: string - totalAlerts: - example: 0 + name: + type: string + namespace: + type: string + unenroll_timeout: type: integer - totalComment: - example: 0 + required: + - name + - namespace + Fleet_agent_policy_full: + oneOf: + - type: object + properties: + item: + type: string + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + title: Agent policy full response + type: object + Fleet_agent_policy_update_request: + title: Update agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + inactivity_timeout: type: integer - updated_at: - format: date-time + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: nullable: true type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_status: + enum: + - offline + - error + - online + - inactive + - warning + title: Elastic Agent status + type: string + Fleet_agent_type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + title: Agent type + type: string + Fleet_bulk_install_packages_response: + title: Bulk install packages response + type: object + properties: + items: + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + response: + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + required: + - items + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + rollout_duration_seconds: + description: rolling upgrade window duration in seconds + type: number + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + description: alternative upgrade binary download url + type: string + start_time: + description: start time of upgrade in ISO 8601 format + type: string version: - example: WzUzMiwxXQ== + description: version to upgrade to type: string required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by + - agents - version - Cases_case_response_pushed_by_properties: - nullable: true + Fleet_data_stream: + title: Data stream + type: object properties: - email: - example: null - nullable: true + dashboard: + items: + type: object + properties: + id: + type: string + title: + type: string + type: array + dataset: type: string - full_name: - example: null - nullable: true + index: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + last_activity_ms: + type: number + namespace: type: string - username: - example: elastic - nullable: true + package: type: string - required: - - email - - full_name - - username - title: Case response properties for pushed_by + package_version: + type: string + size_in_bytes: + type: number + size_in_bytes_formatted: + type: string + type: + type: string + Fleet_download_sources: + title: Download Source type: object - Cases_case_response_updated_by_properties: - nullable: true properties: - email: - example: null - nullable: true + host: type: string - full_name: - example: null - nullable: true + id: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + is_default: + type: boolean + name: type: string - username: - example: elastic + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the proxies + API for more information. nullable: true type: string required: - - email - - full_name - - username - title: Case response properties for updated_by - type: object - Cases_case_severity: - default: low - description: The severity of the case. - enum: - - critical - - high - - low - - medium - type: string - Cases_case_status: - description: The status of the case. - enum: - - closed - - in-progress - - open - type: string - Cases_case_tags: - description: > - The words and phrases that help categorize cases. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_case_title: - description: A title for the case. - maxLength: 160 - type: string - Cases_closure_types: - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). + - is_default + - name + - host + Fleet_elasticsearch_asset_type: enum: - - close-by-pushing - - close-by-user - example: close-by-user + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + title: Elasticsearch asset type type: string - Cases_connector_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. + Fleet_enrollment_api_key: + title: Enrollment API key type: object properties: - fields: - example: null - nullable: true + active: + description: >- + When false, the enrollment API key is revoked and cannot be used for + enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: type: string id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. type: string name: - description: The name of the connector. + description: The name of the enrollment API key. type: string - type: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - - fields - id - - name - - type - title: Create or upate case request properties for Cases Webhook connector - Cases_connector_properties_jira: - description: Defines properties for connectors when type is `.jira`. + - api_key_id + - api_key + - active + - created_at + Fleet_fleet_server_host: + title: Fleet Server Host type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - issueType: - description: The type of issue. - nullable: true - type: string - parent: - description: The key of the parent issue, when the issue type is sub-task. - nullable: true - type: string - priority: - description: The priority of the issue. - nullable: true - type: string - required: - - issueType - - parent - - priority + host_urls: + items: + type: string + type: array id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean name: - description: The name of the connector. type: string - type: - description: The type of connector. - enum: - - .jira - example: .jira + proxy_id: type: string required: - - fields + - fleet_server_hosts - id - - name - - type - title: Create or update case request properties for a Jira connector - Cases_connector_properties_none: - description: Defines properties for connectors when type is `.none`. + - is_default + - is_preconfigured + - host_urls + Fleet_fleet_settings_response: + title: Fleet settings response type: object properties: - fields: - description: >- - An object containing the connector fields. To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. - example: null - nullable: true - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. - example: none - type: string - type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. - enum: - - .none - example: .none + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_setup_response: + title: Fleet Setup response + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + Fleet_fleet_status_response: + title: Fleet status response + type: object + properties: + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: type: string required: - - fields - - id - - name - - type - title: Create or update case request properties for no connector - Cases_connector_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. + - isReady + - missing_requirements + - missing_optional_features + Fleet_full_agent_policy: + title: Full agent policy type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + agent: nullable: true + type: string + fleet: + oneOf: + - type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + id: + type: string + inputs: + type: string + monitoring: type: object properties: - issueTypes: - description: The type of incident. - items: - type: string - type: array - severityCode: - description: The severity code of the incident. + diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + enabled: + type: boolean + http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + pprof: + type: object + properties: + enabled: + type: boolean + required: + - enabled + traces: + type: boolean + use_output: type: string required: - - issueTypes - - severityCode - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string + - enabled + - metrics + - logs + - traces + output_permissions: + additionalProperties: + type: object + properties: + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + output: + type: integer + type: object + outputs: + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + type: object + revision: + type: number + secret_references: + items: + type: object + properties: + id: + type: string + type: array required: - - fields - id - - name - - type - title: Create case request properties for a IBM Resilient connector - Cases_connector_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + - outputs + - inputs + Fleet_full_agent_policy_input: + allOf: + - additionalProperties: true type: object properties: - category: - description: The category of the incident. - nullable: true - type: string - impact: - description: The effect an incident had on business. - nullable: true + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + id: type: string - severity: - description: The severity of the incident. - nullable: true + meta: + additionalProperties: true + type: object + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: type: string - subcategory: - description: The subcategory of the incident. - nullable: true + revision: + type: number + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + type: type: string - urgency: - description: The extent to which the incident resolution can be delayed. - nullable: true + use_output: type: string required: - - category - - impact - - severity - - subcategory - - urgency - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .servicenow - example: .servicenow - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow ITSM connector - Cases_connector_properties_servicenow_sir: - description: Defines properties for connectors when type is `.servicenow-sir`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + - id + - name + - revision + - type + - data_stream + - use_output + title: Full agent policy input + Fleet_full_agent_policy_input_stream: + allOf: + - additionalProperties: true type: object properties: - category: - description: The category of the incident. - nullable: true - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. - nullable: true - type: boolean - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. - nullable: true - type: boolean - priority: - description: The priority of the issue. - nullable: true - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident. - nullable: true + data_stream: + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + - type + id: type: string required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. + - id + - data_stream + title: Full agent policy input stream + Fleet_full_agent_policy_output: + title: Full agent policy + type: object + properties: + additionalProperties: + type: object + properties: + text: {} + ca_sha256: + nullable: true type: string - type: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: type: string + type: {} required: - - fields - - id - - name - type - title: Create case request properties for a ServiceNow SecOps connector - Cases_connector_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + additionalProperties: + type: object + properties: + data: + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + type: object + properties: + names: + items: + type: string + type: array + privileges: + items: + type: string + type: array + type: array + packagePolicyName: + type: string + title: Full agent policy output permissions + Fleet_get_agent_tags_response: + title: Get Agent Tags response type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + items: + items: + type: string + type: array + Fleet_get_agents_response: + title: Get Agent response + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + page: + type: number + perPage: + type: number + statusSummary: type: object properties: - caseId: - description: The case identifier for Swimlane connectors. - nullable: true - type: string - required: - - caseId - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string + degraded': + type: number + enrolling: + type: number + error: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + unenrolled: + type: number + unenrolling: + type: number + updating: + type: number + total: + type: number required: - - fields - - id - - name - - type - title: Create case request properties for a Swimlane connector - Cases_connector_types: - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - type: string - Cases_create_case_request: - description: >- - The create case API request body varies depending on the type of - connector. + - items + - total + - page + - perPage + Fleet_get_bulk_assets_response: + deprecated: true properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. + items: items: type: object properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. + appLink: + type: string + attributes: + type: object + properties: + description: + type: string + title: + type: string + id: type: string type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 type: array - description: - $ref: '#/components/schemas/Cases_case_description' - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' required: - - connector - - description - - owner - - settings - - tags - - title - title: Create case request - type: object - Cases_external_service: - nullable: true + - items + title: Bulk get assets response type: object - properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: - type: string - external_url: - type: string - pushed_at: - format: date-time - type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - Cases_owner: - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - type: string - Cases_owners: - items: - $ref: '#/components/schemas/Cases_owner' - type: array - Cases_payload_alert_comment: + Fleet_get_categories_response: + title: Get categories response type: object properties: - comment: - type: object - properties: - alertId: - oneOf: - - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: string - - items: - type: string - type: array - index: - oneOf: - - example: .alerts-observability.logs.alerts-default - type: string - - items: - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert - type: string - Cases_payload_assignees: + items: + items: + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + required: + - items + Fleet_get_packages_response: + title: Get Packages response type: object properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - Cases_payload_connector: + items: + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + response: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + required: + - items + Fleet_installation_info: + title: Installation info object type: object properties: - connector: - type: object + created_at: + type: string + experimental_data_stream_features: + type: array properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true + data_stream: + type: string + features: type: object properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. + doc_value_only_numeric: nullable: true type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. + doc_value_only_other: nullable: true type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. + synthetic_source: nullable: true type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. + tsdb: nullable: true type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string + install_format_schema_version: + type: string + install_kibana_space_id: + type: string + install_source: + enum: + - registry + - upload + - bundled + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + type: object + properties: + deferred: + type: boolean id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none type: string type: - $ref: '#/components/schemas/Cases_connector_types' - Cases_payload_create_case: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + installed_kibana: type: object properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none + type: string + type: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + latest_executed_state: + description: Latest successfully executed state in package install state machine + type: object + properties: + error: type: string name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - description: + started_at: + type: string + latest_install_failed_attempts: + description: Latest failed install errors + items: + type: object + properties: + created_at: + type: string + error: + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + target_version: + type: string + type: array + name: type: string - owner: - $ref: '#/components/schemas/Cases_owner' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: + namespaces: items: - example: - - tag-1 type: string type: array - title: + type: type: string - Cases_payload_delete: - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. - nullable: true - type: object - Cases_payload_description: - type: object + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - verified + - unverified + - unknown + type: string + version: + type: string + required: + - installed_kibana + - installed_es + - name + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_kibana_saved_object_type: + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + title: Kibana saved object asset type + type: string + Fleet_new_package_policy: + description: '' properties: description: type: string - Cases_payload_pushed: - type: object - properties: - externalService: - $ref: '#/components/schemas/Cases_external_service' - Cases_payload_settings: - type: object - properties: - settings: - $ref: '#/components/schemas/Cases_settings' - Cases_payload_severity: - type: object - properties: - severity: - $ref: '#/components/schemas/Cases_case_severity' - Cases_payload_status: - type: object - properties: - status: - $ref: '#/components/schemas/Cases_case_status' - Cases_payload_tags: - type: object - properties: - tags: - example: - - tag-1 + enabled: + type: boolean + inputs: items: - type: string + type: object + properties: + config: + type: object + enabled: + type: boolean + processors: + items: + type: string + type: array + streams: + items: {} + type: array + type: + type: string + vars: + type: object + required: + - type + - enabled type: array - Cases_payload_title: - type: object - properties: - title: + name: type: string - Cases_payload_user_comment: - type: object - properties: - comment: + namespace: + type: string + output_id: + type: string + overrides: + type: object + package: type: object properties: - comment: + name: type: string - owner: - $ref: '#/components/schemas/Cases_owner' - type: - enum: - - user + requires_root: + type: boolean + title: type: string - Cases_rule: - description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Alerting rule + version: + type: string + required: + - name + - version + policy_id: + deprecated: true + nullable: true + type: string + policy_ids: + items: + type: string + type: array + required: + - inputs + - name + title: New package policy + type: object + Fleet_output_create_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + title: Output + Fleet_output_create_request_elasticsearch: + title: elasticsearch type: object properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The rule name. - example: security_rule type: string - x-state: Technical preview - Cases_searchFieldsType: - description: The fields to perform the `simple_query_string` parsed query against. - enum: - - description - - title - type: string - Cases_searchFieldsTypeArray: - items: - $ref: '#/components/schemas/Cases_searchFieldsType' - type: array - Cases_set_case_configuration_request: - description: >- - External connection details, such as the closure type and default - connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: type: object properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + Fleet_output_create_request_kafka: + title: kafka + type: object + properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: items: type: object properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 type: string - type: - description: The type of the custom field. - enum: - - text - - toggle + value: type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - maxItems: 10 - minItems: 0 type: array - owner: - $ref: '#/components/schemas/Cases_owner' - templates: - $ref: '#/components/schemas/Cases_templates' - required: - - closure_type - - connector - - owner - title: Set case configuration request - type: object - Cases_settings: - description: An object that contains the case settings. - type: object - properties: - syncAlerts: - description: Turns alert syncing on or off. - example: true + hosts: + items: + type: string + type: array + id: + type: string + is_default: type: boolean - required: - - syncAlerts - Cases_string: - type: string - Cases_string_array: - items: - $ref: '#/components/schemas/Cases_string' - maxItems: 100 - type: array - Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_templates: - items: - type: object - properties: - caseFields: + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string + name: + type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string + secrets: + type: object + properties: + password: + type: string + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: type: object properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. type: object properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector IDs, - use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. - example: none + condition: type: string type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - description: Custom field values in the template. - items: - type: object - properties: - key: - description: The unique key for the custom field. - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - value: - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - type: array - x-state: Technical preview - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - description: A description for the template. - type: string - key: - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. - type: string - name: - description: The name of the template. + type: string + type: array + type: + enum: + - kafka + type: string + username: + type: string + version: + type: string + required: + - name + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash + type: object + properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: type: string - tags: - $ref: '#/components/schemas/Cases_template_tags' - type: array - x-state: Technical preview - Cases_update_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + type: string + secrets: + type: object + properties: + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string + required: + - name + - hosts + - type + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch type: object properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' + hosts: + items: + type: string + type: array id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 type: string - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owner' - rule: - $ref: '#/components/schemas/Cases_rule' + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + secrets: + type: object + properties: + service_token: + type: string + service_token: + type: string type: - description: The type of comment. enum: - - alert - example: alert - type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd + - remote_elasticsearch type: string required: - - alertId - - id - - index - - owner - - rule - - type - - version - title: Update case comment request properties for alerts - Cases_update_case_comment_request: - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. + - name + Fleet_output_update_request: discriminator: mapping: - alert: '#/components/schemas/Cases_update_alert_comment_request_properties' - user: '#/components/schemas/Cases_update_user_comment_request_properties' + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' propertyName: type oneOf: - - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' - title: Update case comment request - Cases_update_case_configuration_request: - description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + title: Output + Fleet_output_update_request_elasticsearch: + title: elasticsearch + type: object properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: type: object properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - hosts + - type + Fleet_output_update_request_kafka: + title: kafka + type: object + properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: items: type: object properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 type: string - type: - description: The type of the custom field. - enum: - - text - - toggle + value: type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type type: array - templates: - $ref: '#/components/schemas/Cases_templates' - version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. - example: WzIwMiwxXQ== + hosts: + items: + type: string + type: array + id: type: string - required: - - version - title: Update case configuration request - type: object - Cases_update_case_request: - description: >- - The update case API request body varies depending on the type of - connector. - properties: - cases: - description: An array containing one or more case objects. + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string + name: + type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. items: type: object properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. - maxLength: 30000 + topic: type: string - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: + when: + deprecated: true description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. - type: string - required: - - id - - version - maxItems: 100 - minItems: 1 + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string type: array - required: - - cases - title: Update case request - type: object - Cases_update_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 - type: string - id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' type: - description: The type of comment. enum: - - user - example: user + - kafka + type: string + username: type: string version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd type: string required: - - comment - - id - - owner - - type - - version - title: Update case comment request properties for user comments - type: object - Cases_user_actions_find_response_properties: + - name + Fleet_output_update_request_logstash: + title: logstash type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true + ca_sha256: type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + ca_trusted_fingerprint: type: string - created_by: + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + type: string + shipper: type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - username: - example: elastic - nullable: true + certificate_authorities: + items: + type: string + type: array + key: type: string - required: - - email - - full_name - - username - id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' type: - description: The type of action. enum: - - assignees - - create_case - - comment - - connector - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - version: - example: WzM1ODg4LDFd + - logstash type: string required: - - action - - comment_id - - created_at - - created_by - - id - - owner - - payload - - type - - version - Cases_user_actions_response_properties: + - name + Fleet_package_info: + title: Package information type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 + agent: + type: object + properties: + privileges: + type: object + properties: + root: + type: boolean + asset_tags: + items: + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + items: + type: string + type: array + categories: + items: + type: string + type: array + conditions: + type: object + properties: + elasticsearch: + type: object + properties: + subscription: + enum: + - basic + - gold + - platinum + - enterprise + type: string + kibana: + type: object + properties: + versions: + type: string + data_streams: + items: + type: object + properties: + ingeset_pipeline: + type: string + name: + type: string + package: + type: string + release: + type: string + title: + type: string + type: + type: string + vars: + items: + type: object + properties: + default: + type: string + name: + type: string + required: + - name + - default + type: array + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + type: array + description: type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true + discovery: + type: object + properties: + fields: + items: + type: object + properties: + name: + type: string + required: + - name + type: array + download: type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + elasticsearch: + type: object + properties: + privileges: + type: object + properties: + cluster: + items: + type: string + type: array + format_version: type: string - created_by: + icons: + items: + type: string + type: array + internal: + type: boolean + name: + type: string + owner: type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + github: type: string - username: - example: elastic - nullable: true + type: + enum: + - elastic + - partner + - community type: string required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type - Cases_user_comment_response_properties: - title: Case response properties for user comments - type: object - properties: - comment: - example: A new comment. + - github + path: type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + readme: type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - id: - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + release: + deprecated: true + description: >- + release label is deprecated, derive from the version instead + (packages follow semver) + enum: + - experimental + - beta + - ga type: string - owner: - $ref: '#/components/schemas/Cases_owner' - pushed_at: - example: null - format: date-time - nullable: true + screenshots: + items: + type: object + properties: + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + - path + type: array + source: + type: object + properties: + license: + enum: + - Apache-2.0 + - Elastic-2.0 + type: string + title: type: string - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' type: enum: - - user - example: user - type: string - updated_at: - example: null - format: date-time - nullable: true + - integration + - input + - content type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' version: - example: WzIwNDMxLDFd type: string required: + - name + - title + - version + - description - type - Data_views_400_response: - title: Bad request + - categories + - conditions + - assets + - format_version + - download + - path + - owner + Fleet_package_policy: + allOf: + - type: object + properties: + id: + type: string + inputs: + oneOf: + - items: {} + type: array + - type: object + revision: + type: number + required: + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + title: Package policy + Fleet_package_policy_request: + title: Package Policy Request type: object properties: - error: - example: Bad Request + description: + description: Package policy description + example: my description type: string - message: + force: + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found + inputs: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that input, (default to true)' + type: boolean + streams: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that stream, (default to true)' + type: boolean + vars: + description: >- + Stream level variable (see integration documentation for + more information) + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + type: object + vars: + description: >- + Input level variable (see integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + ignore_older: 72h + paths: + - /var/log/nginx/access.log* + preserve_original_event: false + tags: + - nginx-access + type: object + name: + description: Package policy name (should be unique) + example: nginx-123 type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found + namespace: + description: >- + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. + output_id: + description: Output ID to send package data to + example: output-id + nullable: true + type: string + overrides: + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: + inputs: type: object - id: - type: string + package: + type: object + properties: name: - description: The data view name. + description: Package name + example: nginx type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' version: + description: Package version + example: 1.6.0 type: string required: - - title - override: - default: false + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + example: agent-policy-id + nullable: true + type: string + policy_ids: + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id + items: + type: string + type: array + vars: description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean + Package root level variable (see integration documentation for more + information) + type: object required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties + - name + - package + Fleet_package_usage_stats: + title: Package usage stats type: object properties: - data_view: - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + agent_policy_count: + type: integer + required: + - agent_policy_count + Fleet_proxies: + title: Fleet Proxy type: object properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 + certificate: type: string - customLabel: - description: Custom label for the field. + certificate_authorities: type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. - type: object - properties: - script: + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: type: object - properties: - source: - description: Script for the runtime field. - type: string - type: - description: Mapping type of the runtime field. + url: type: string required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request + - name + - url + Fleet_saved_object_type: + oneOf: + - enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + type: string + - enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model + type: string + title: Saved Object type + Fleet_search_result: + title: Search result type: object properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. + description: type: string - fromId: - description: The saved object reference to change. + download: type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + icons: type: string - toId: - description: New saved object reference value to replace the old value. + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + name: type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: The timestamp field name, which you use for time-based data views. - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: When set to `rollup`, identifies the rollup data views. - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. + path: + type: string + savedObject: + deprecated: true type: object + status: + type: string + title: + type: string + type: + type: string + version: + type: string required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true + - description + - download + - icons + - name + - path + - title + - type + - version + - status + Fleet_settings: + title: Settings type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. + delete_unenrolled_agents: type: object - Data_views_update_data_view_request_object: - title: Update data view request + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + fleet_server_hosts: + deprecated: true + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_upgrade_agent: + title: Upgrade agent type: object properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + skipRateLimitCheck: + description: Skip rate limit check for upgrade type: boolean + source_uri: + type: string + version: + type: string required: - - data_view + - version + Fleet_upgrade_agent_diff: + items: + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + type: array + title: Package policy Upgrade dryrun + type: array + Fleet_upgrade_diff: + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + items: + type: object + properties: + key: + type: string + message: + type: string + type: array + missingVars: + items: + type: string + type: array + type: object + title: Package policy Upgrade dryrun + type: array Kibana_HTTP_APIs_core_status_redactedResponse: additionalProperties: false description: A minimal representation of Kibana's operational status. @@ -48801,7 +31439,7 @@ components: additionalProperties: $ref: >- #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: If saved objects are missing for trained models, they are created. + description: 'If saved objects are missing for trained models, they are created.' type: object title: Sync API response for created saved objects type: object @@ -49563,13 +32201,13 @@ components: type: object properties: traceId: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: string transactionId: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: string Security_AI_Assistant_API_User: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: object properties: id: @@ -49825,12 +32463,12 @@ components: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. example: 1h - pattern: ^[1-9]\d*[smh]$ + pattern: '^[1-9]\d*[smh]$' type: string lookback: description: Lookback time for the rule example: 1h - pattern: ^[1-9]\d*[smh]$ + pattern: '^[1-9]\d*[smh]$' type: string required: - interval @@ -53406,9 +36044,9 @@ components: - no_actions - rule type: string - - description: Time interval in seconds, minutes, hours, or days. + - description: 'Time interval in seconds, minutes, hours, or days.' example: 1h - pattern: ^[1-9]\d*[smhd]$ + pattern: '^[1-9]\d*[smhd]$' type: string Security_Detections_API_RuleAuthorArray: items: @@ -53669,7 +36307,7 @@ components: discriminator: propertyName: type Security_Detections_API_RuleSignatureId: - description: Could be any string, not necessarily a UUID + description: 'Could be any string, not necessarily a UUID' type: string Security_Detections_API_RuleSource: description: >- @@ -55670,7 +38308,7 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: 'Human readable string identifier, e.g. `trusted-linux-processes`' Security_Endpoint_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItem: @@ -56730,6 +39368,8 @@ components: Security_Entity_Analytics_API_EngineDescriptor: type: object properties: + error: + type: object fieldHistoryLength: type: integer filter: @@ -57189,7 +39829,7 @@ components: type: string Security_Exceptions_API_ExceptionListHumanId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: 'Human readable string identifier, e.g. `trusted-linux-processes`' Security_Exceptions_API_ExceptionListId: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItem: @@ -58958,7 +41598,7 @@ components: example: Not Found type: string message: - example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found + example: 'SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found' type: string statusCode: example: 404 @@ -58975,7 +41615,7 @@ components: example: Conflict type: string message: - example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists + example: 'SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists' type: string statusCode: example: 409 @@ -59082,11 +41722,11 @@ components: type: object properties: consumed: - description: The error budget consummed, as a percentage of the initial value. + description: 'The error budget consummed, as a percentage of the initial value.' example: 0.8 type: number initial: - description: The initial error budget, as 1 - objective + description: 'The initial error budget, as 1 - objective' example: 0.02 type: number isEstimated: @@ -59096,7 +41736,7 @@ components: example: true type: boolean remaining: - description: The error budget remaining, as a percentage of the initial value. + description: 'The error budget remaining, as a percentage of the initial value.' example: 0.2 type: number required: @@ -59196,7 +41836,7 @@ components: type: string index: description: The index used by APM metrics - example: metrics-apm*,apm* + example: 'metrics-apm*,apm*' type: string service: description: The APM service name @@ -59243,7 +41883,7 @@ components: type: string index: description: The index used by APM metrics - example: metrics-apm*,apm* + example: 'metrics-apm*,apm*' type: string service: description: The APM service name @@ -59377,7 +42017,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -59431,7 +42071,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -59733,7 +42373,7 @@ components: properties: frequency: default: 1m - description: Configure how often the transform runs, default 1m + description: 'Configure how often the transform runs, default 1m' example: 5m type: string preventInitialBackfill: @@ -59874,7 +42514,7 @@ components: - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' instanceId: - description: the value derived from the groupBy field, if present, otherwise '*' + description: 'the value derived from the groupBy field, if present, otherwise ''*''' example: host-abcde type: string name: @@ -59999,7 +42639,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -60022,7 +42662,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string required: - name @@ -60050,7 +42690,7 @@ components: name: description: The name of the metric. Only valid options are A-Z example: A - pattern: ^[A-Z]$ + pattern: '^[A-Z]$' type: string percentile: description: The percentile value. @@ -60140,13 +42780,13 @@ tags: - name: Elastic Package Manager (EPM) - name: Fleet enrollment API keys - name: Fleet internals + - name: Fleet Kubernetes - name: Fleet outputs - name: Fleet package policies - name: Fleet proxies - name: Fleet Server hosts - name: Fleet service tokens - name: Fleet uninstall tokens - - name: Message Signing Service - description: Machine learning name: ml - name: roles @@ -60201,10 +42841,10 @@ tags: other criteria are met. name: Security Exceptions API x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' name: Security Lists API x-displayName: Security lists - - description: Run live queries, manage packs and saved queries. + - description: 'Run live queries, manage packs and saved queries.' name: Security Osquery API x-displayName: Security Osquery - description: >- @@ -60212,7 +42852,7 @@ tags: import new Timelines from an ndjson file. name: Security Timeline API x-displayName: Security timeline - - description: SLO APIs enable you to define, manage and track service-level objectives + - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - name: spaces - name: system